Add new role to install and configure Sushy Emulator

When provided a list of instances from either openstack or libvirt and
an operational OpenShift environment, this role will install and
configure a Sushy Emulator pod to be used in testing baremetal tasks with
virtual baremetal servers.

roles/sushy_emulator/README.md

@@ -0,0 +1,9 @@
+# sushy_emulator
+
+## Privilege escalation
+If apply, please explain the privilege escalation done in this role.
+
+## Parameters
+* `param_1`: this is an example
+
+## Examples

roles/sushy_emulator/defaults/main.yml

@@ -0,0 +1,34 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# All variables intended for modification should be placed in this file.
+# All variables within this role should have a prefix of "cifmw_sushy_emulator"
+
+cifmw_sushy_emulator_driver: libvirt
+cifmw_sushy_emulator_ssh_keytype: "{{ cifmw_ssh_keytype | default('ecdsa') }}"
+cifmw_sushy_emulator_ssh_key_file: bmaas-ssh-key-id_rsa
+cifmw_sushy_emulator_ssh_keysize: "{{ cifmw_ssh_keysize | default(521) }}"
+cifmw_sushy_emulator_libvirt_user: sushyemu
+cifmw_sushy_emulator_listen_ip: 0.0.0.0
+cifmw_sushy_emulator_driver_openstack_client_config_file: /etc/openstack/clouds.yaml
+cifmw_sushy_emulator_driver_openstack_cloud: None
+cifmw_sushy_emulator_namespace: sushy-emulator
+cifmw_sushy_emulator_redfish_username: admin
+cifmw_sushy_emulator_redfish_password: password
+cifmw_sushy_emulator_resource_directory: "{{ (ansible_user_dir, 'ci-framework-data', 'artifacts', 'sushy_emulator') | path_join }}"
+cifmw_sushy_emulator_image: quay.io/metal3-io/sushy-tools:latest
+cifmw_sushy_emulator_instance_node_name_prefix: edpm-compute

roles/sushy_emulator/meta/main.yml

@@ -0,0 +1,41 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+  author: CI Framework
+  description: CI Framework Role -- sushy_emulator
+  company: Red Hat
+  license: Apache-2.0
+  min_ansible_version: 2.14
+  namespace: cifmw
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+    - name: CentOS
+      versions:
+        - 9
+
+  galaxy_tags:
+    - cifmw
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []

roles/sushy_emulator/molecule/default/converge.yml

@@ -0,0 +1,21 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+  hosts: all
+  roles:
+    - role: "sushy_emulator"

roles/sushy_emulator/molecule/default/molecule.yml

@@ -0,0 +1,26 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# Mainly used to override the defaults set in .config/molecule/
+# By default, it uses the "config_podman.yml" - in CI, it will use
+# "config_local.yml".
+log: true
+
+provisioner:
+  name: ansible
+  log: true
+  env:
+    ANSIBLE_STDOUT_CALLBACK: yaml

roles/sushy_emulator/molecule/default/prepare.yml

@@ -0,0 +1,21 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+  hosts: all
+  roles:
+    - role: test_deps

roles/sushy_emulator/tasks/apply_resources.yml

@@ -0,0 +1,23 @@
+- name: Create the sushy-emulator namespace
+  kubernetes.core.k8s:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit)}}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    name: "{{ cifmw_sushy_emulator_namespace }}"
+    kind: Namespace
+    state: present
+
+- name: Apply Sushy Emulator resources
+  kubernetes.core.k8s:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit)}}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    name: "{{ cifmw_sushy_emulator_namespace }}"
+    state: present
+    src: "{{ (cifmw_sushy_emulator_resource_directory, item+'.yaml') | path_join }}"
+  with_items:
+    - secret
+    - configmap
+    - pod
+    - service
+    - route

roles/sushy_emulator/tasks/collect_details.yml

@@ -0,0 +1,62 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Get ingresses domain
+  environment:
+    KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}"
+    PATH: "{{ cifmw_path }}"
+  ansible.builtin.command:
+    cmd: 'oc get ingresses.config/cluster -o jsonpath={.spec.domain}'
+  register: _ingress_domain
+
+- name: Get details for Libvirt driver
+  when:
+    - cifmw_sushy_emulator_driver == 'libvirt'
+  block:
+    - name: Set vars
+      ansible.builtin.set_fact:
+        _libvirt_uri: "qemu+ssh://{{ cifmw_sushy_emulator_libvirt_user }}@{{ hostvars[cifmw_edpm_deploy_baremetal_hypervisor_target].ansible_host }}/system"
+
+    - name: Get Libvirt instance UUIDs
+      delegate_to: "{{ cifmw_edpm_deploy_baremetal_hypervisor_target }}"
+      ansible.builtin.shell:
+        cmd: |
+          set -o pipefail
+          virsh --connect=qemu:///system list --all --uuid --name | grep {{ cifmw_sushy_emulator_instance_node_name_prefix }} | cut -d' ' -f1
+      register: _virsh_list_uuid
+
+    - name: Set instance_uuid variable
+      ansible.builtin.set_fact:
+        _cifmw_sushy_emulator_instances: "{{ _virsh_list_uuid.stdout_lines | regex_replace('\n(?!.*\n)', ', ')}}"
+
+- name: Gather details for Openstack driver
+  when:
+    - cifmw_sushy_emulator_driver == 'openstack'
+  block:
+    - name: Get Openstack instance UUIDs
+      ansible.builtin.command:
+        cmd: "openstack --os-cloud={{ cifmw_sushy_emulator_driver_openstack_cloud }} server list --name {{ cifmw_sushy_emulator_instance_node_name_prefix }}.* -f json -c ID | jq -c [.[].ID])"
+      register: _openstack_server_list_uuid
+
+    - name: Set instance_uuid variable for openstack driver
+      ansible.builtin.set_fact:
+        _cifmw_sushy_emulator_instances: "{{ _openstack_server_list_uuid }}"
+        _libvirt_uri: None
+
+    - name: Base64 encode openstack clouds.yaml file
+      ansible.builtin.slurp:
+        src: "{{ cifmw_sushy_emulator_driver_openstack_client_config_file }}"
+      register: _cifmw_sushy_emulator_driver_openstack_client_config_file_b64

roles/sushy_emulator/tasks/main.yml

@@ -0,0 +1,41 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Create Sushy Emulator resource directory
+  ansible.builtin.file:
+    path: "{{ cifmw_sushy_emulator_resource_directory }}"
+    state: directory
+
+- name: Install required packages
+  become: true
+  ansible.builtin.package:
+    name: "httpd-tools"
+    state: present
+
+- name: Collect details for Sushy Emulator config
+  ansible.builtin.import_tasks: collect_details.yml
+
+- name: Setup access to libvirt hypervisor
+  ansible.builtin.import_tasks: setup_access.yml
+
+- name: Render resource files for Sushy Emulator
+  ansible.builtin.import_tasks: render_resources.yml
+
+- name: Apply resource files for Sushy Emulator
+  ansible.builtin.import_tasks: apply_resources.yml
+
+# - name: Create Sushy Emulator baremetal hosts
+#   ansible.builtin.import_tasks: create_baremetal_hosts.yml

roles/sushy_emulator/tasks/render_resources.yml

@@ -0,0 +1,32 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Generate htpasswd string
+  ansible.builtin.command:
+    cmd: "htpasswd -nbB {{ cifmw_sushy_emulator_redfish_username | quote}} {{ cifmw_sushy_emulator_redfish_password | quote }}"
+  register: _htpasswd
+
+- name: Write sushy emulator resource loop
+  ansible.builtin.template:
+    src: "{{ item }}_yaml.j2"
+    dest: "{{ (cifmw_sushy_emulator_resource_directory, item+'.yaml') | path_join }}"
+    mode: '0644'
+  with_items:
+    - secret
+    - configmap
+    - pod
+    - service
+    - route

roles/sushy_emulator/tasks/setup_access.yml

@@ -0,0 +1,58 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Look for Sushy Emulator keypair file
+  register: _sushy_emulator_key_file
+  ansible.builtin.stat:
+    path: "{{ (cifmw_sushy_emulator_resource_directory, 'sushy_emulator_key') | path_join }}"
+
+- name: "Generate SSH keypair and add it to hypervisor authorized keys file"
+  when:
+    - not _sushy_emulator_key_file.stat.exists
+  block:
+    - name: Generate SSH keypair
+      community.crypto.openssh_keypair:
+        comment: "sushy emulator SSH keypair"
+        path: "{{ (cifmw_sushy_emulator_resource_directory, 'sushy_emulator_key') | path_join }}"
+        type: "{{ cifmw_sushy_emulator_ssh_keytype }}"
+        size: "{{ cifmw_sushy_emulator_ssh_keysize }}"
+
+    - name: Set authorized key taken from file
+      delegate_to: "{{ cifmw_edpm_deploy_baremetal_hypervisor_target }}"
+      become: true
+      ansible.posix.authorized_key:
+        user: "{{ cifmw_sushy_emulator_libvirt_user }}"
+        state: present
+        key: "{{ lookup('file', cifmw_sushy_emulator_resource_directory+'/sushy_emulator_key.pub') }}"
+
+- name: Base64 encode ssh private key
+  ansible.builtin.slurp:
+    src: "{{ cifmw_sushy_emulator_resource_directory }}/sushy_emulator_key"
+  register: _cifmw_sushy_emulator_private_key_b64
+  no_log: true
+
+- name: Base64 encode ssh public key
+  ansible.builtin.slurp:
+    src: "{{ cifmw_sushy_emulator_resource_directory }}/sushy_emulator_key.pub"
+  register: _cifmw_sushy_emulator_public_key_b64
+  no_log: true
+
+- name: Run ssh-keyscan
+  ansible.builtin.shell:
+    cmd: |
+      set -o pipefail
+      ssh-keyscan -H {{ hostvars[cifmw_edpm_deploy_baremetal_hypervisor_target].ansible_host }} 2>/dev/null | base64
+  register: _cifmw_sushy_emulator_ssh_known_hosts_b64