-
Notifications
You must be signed in to change notification settings - Fork 203
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CI: cv_deploy molecule test to use new infra #4441
base: devel
Are you sure you want to change the base?
CI: cv_deploy molecule test to use new infra #4441
Conversation
Review docs on Read the Docs To test this pull request: # Create virtual environment for this testing below the current directory
python -m venv test-avd-pr-4441
# Activate the virtual environment
source test-avd-pr-4441/bin/activate
# Install all requirements including PyAVD
pip install "pyavd[ansible] @ git+https://github.com/sugetha24/ansible-avd.git@cv_deploy-molecule-update#subdirectory=python-avd" --force
# Point Ansible collections path to the Python virtual environment
export ANSIBLE_COLLECTIONS_PATH=$VIRTUAL_ENV/ansible_collections
# Install Ansible collection
ansible-galaxy collection install git+https://github.com/sugetha24/ansible-avd.git#/ansible_collections/arista/avd/,cv_deploy-molecule-update --force
# Optional: Install AVD examples
cd test-avd-pr-4441
ansible-playbook arista.avd.install_examples |
...ble_collections/arista/avd/molecule/cv_deploy/intended/configs/base_configs/avd-ci-leaf1.cfg
Outdated
Show resolved
Hide resolved
...ions/arista/avd/molecule/cv_deploy/intended/structured_configs/base_configs/avd-ci-leaf2.yml
Show resolved
Hide resolved
2994e4b
to
7c58a6f
Compare
aa4bc59
to
3be537b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have not tested that it runs but the PR LGTM
Please test the PR when you get a chance |
run_once: true | ||
delegate_to: localhost | ||
ansible.builtin.import_role: | ||
name: arista.avd.cv_deploy | ||
vars: | ||
cv_devices: [ci-s1-leaf1, ci-s1-leaf2, ci-s1-leaf3, ci-s1-leaf4, ci-s1-spine1, ci-s1-spine2, ci-s1-core1 ] | ||
cv_devices: [ avd-ci-leaf2, avd-ci-core1 ] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When trying to follow the guide to run the test I am not successful on the tenant getting issues (twice in a row) for task "Check CPV returns" line 176 below
Can you please investigate? I have the workspaces on the tenant if you want to verify more
Also it is very hard to troubleshoot what step is failing as the names of the task when using import_role
are hidden and so I am not sure where we are.
Suggestion would be to separate each "test" in a play in the same playbook or a whole different playbook.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess running cv_deploy with cv_submit_workspace_force = false
and expecting workspace submission to fail with Failed to submit workspace
may be achieved by stopping streaming on one of the devices first. Otherwise workspace submission just succeeds without any errors
@@ -158,18 +157,18 @@ | |||
cv_submit_workspace_force: true | |||
cv_run_change_control: true | |||
|
|||
- name: Test = Provision with cv_submit_workspace_force = false | |||
- name: Provision with cv_submit_workspace_force = false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Stop streaming on core1 and wait to 130s seconds for streaming status turbine to notice (may need up to 2 minutes)
- name: Provision with cv_submit_workspace_force = false | |
- name: Force device avd-ci-core1 to stop streaming | |
arista.eos.eos_command: | |
commands: | |
- enable | |
- configure | |
- daemon TerminAttr | |
- shutdown | |
when: inventory_hostname == "avd-ci-core1" | |
- name: Pause for 130 seconds for streaming to stop | |
run_once: true | |
ansible.builtin.pause: | |
seconds: 130 | |
- name: Provision with cv_submit_workspace_force = false |
Once display and check tasks complete - we can then run the following task (before running next Cleanup) to re-enable streaming for core1:
- name: Force device avd-c1i-core1 to start streaming
arista.eos.eos_command:
commands:
- enable
- configure
- daemon TerminAttr
- no shutdown
when: inventory_hostname == "avd-ci-core1"
- name: Pause for 10 seconds for streaming to start
run_once: true
ansible.builtin.pause:
seconds: 10
ansible_collections/arista/avd/molecule/cv_deploy/inventory/inventory.yml
Show resolved
Hide resolved
f8aa3a7
to
e19bc32
Compare
@gmuloc and @alexeygorbunov |
14fc834
to
016d1c6
Compare
Quality Gate passedIssues Measures |
avd-ci-core1: | ||
# ansible_host: "{{ lookup('env', 'AVD_CI_CORE1_FQDN') }}" | ||
# ansible_user: "{{ lookup('env', 'EOS_EAPI_USERNAME') }}" | ||
# ansible_password: "{{ lookup('env', 'EOS_EAPI_PASSWORD') }}" | ||
# ansible_connection: httpapi | ||
# ansible_httpapi_use_ssl: True | ||
# ansible_httpapi_validate_certs: False | ||
# ansible_network_os: eos | ||
# ansible_httpapi_port: 443 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
avd-ci-core1: | |
# ansible_host: "{{ lookup('env', 'AVD_CI_CORE1_FQDN') }}" | |
# ansible_user: "{{ lookup('env', 'EOS_EAPI_USERNAME') }}" | |
# ansible_password: "{{ lookup('env', 'EOS_EAPI_PASSWORD') }}" | |
# ansible_connection: httpapi | |
# ansible_httpapi_use_ssl: True | |
# ansible_httpapi_validate_certs: False | |
# ansible_network_os: eos | |
# ansible_httpapi_port: 443 |
vars: | ||
cv_server: www.cv-staging.corp.arista.io | ||
cv_token: "{{ lookup('env', 'CVAAS_AAWG_CI') }}" | ||
cv_verify_certs: false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As we are hitting public CVaaS endpoint - we should let SSL to verify server cert to make sure we are talking to a valid CVaaS endpoint
cv_verify_certs: false | |
cv_verify_certs: true |
ansible.builtin.debug: | ||
msg: '{{ cv_deploy_results }}' | ||
|
||
- name: Check CVP returns |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cv_deploy_results is the same for all hosts. Sufficient to perform validations/assertions only once
- name: Check CVP returns | |
- name: Check CVP returns | |
run_once: true |
- cv_deploy_results.change_control.requested_state == "completed" | ||
- cv_deploy_results.change_control.description == cv_change_control_description | ||
|
||
- name: Check tags from output |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- name: Check tags from output | |
- name: Check tags from output | |
run_once: true |
- item.0.value == item.1.value | ||
loop: "{{ cv_deploy_results.deployed_device_tags | zip(cv_deploy_results.device_tags) | list }}" | ||
|
||
- name: Extract all device tags from structured configs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- name: Extract all device tags from structured configs | |
- name: Extract all device tags from structured configs | |
run_once: true |
expected_device_tags: "{{ intended_tags.metadata.cv_tags.device_tags }}" | ||
output_device_tags: "{{ cv_deploy_results.deployed_device_tags }}" | ||
|
||
- name: Check output device tags == intended device tags |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- name: Check output device tags == intended device tags | |
- name: Check output device tags == intended device tags | |
run_once: true |
- item.0.value == item.1.value | ||
loop: "{{ expected_device_tags | zip(output_device_tags) | list }}" | ||
|
||
- name: Extract all interface tags from role output |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- name: Extract all interface tags from role output | |
- name: Extract all interface tags from role output | |
run_once: true |
ansible.builtin.set_fact: | ||
output_interface_tags: "{{ cv_deploy_results.deployed_interface_tags }}" | ||
|
||
- name: Extract all interface tags from structured configs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- name: Extract all interface tags from structured configs | |
- name: Extract all interface tags from structured configs | |
run_once: true |
loop_control: | ||
label: "{{ item.interface }}" | ||
|
||
- name: Check output interface tags == intended interface tags |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- name: Check output interface tags == intended interface tags | |
- name: Check output interface tags == intended interface tags | |
run_once: true |
- item.0.value == item.1.value | ||
loop: "{{ expected_interface_tags | zip(output_interface_tags) | list }}" | ||
|
||
- name: Convert unstructed data into yaml |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- name: Convert unstructed data into yaml | |
- name: Convert unstructed data into yaml | |
run_once: true |
deivces_structure: '{{ cv_deploy_results.deployed_configs | from_yaml }}' | ||
output_devices: [] | ||
|
||
- name: Extract devices from output |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- name: Extract devices from output | |
- name: Extract devices from output | |
run_once: true |
loop_control: | ||
label: "{{ item.configlet_name }}" | ||
|
||
- name: Check output devices == intended devices |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- name: Check output devices == intended devices | |
- name: Check output devices == intended devices | |
run_once: true |
cv_submit_workspace: false | ||
cv_submit_workspace_force: true | ||
|
||
- name: Check CVP returns |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- name: Check CVP returns | |
- name: Check CVP returns | |
run_once: true |
ansible.builtin.assert: | ||
that: | ||
# workspace | ||
- cv_deploy_results.workspace.state == cv_deploy_results.workspace.requested_state |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can use the following call to clean/delete WS created on CVP by this test so that they don't accumulate in UI/Aeris in an open state without being eventually submitted
- cv_deploy_results.workspace.state == cv_deploy_results.workspace.requested_state | |
- cv_deploy_results.workspace.state == cv_deploy_results.workspace.requested_state | |
- name: Cleanup orphan workspace | |
run_once: true | |
uri: | |
url: https://{{ cv_server }}/api/resources/workspace/v1/WorkspaceConfig/some | |
validate_certs: yes | |
return_content: yes | |
headers: | |
Accept: "application/json" | |
Content-Type: "application/json" | |
Authorization: "Bearer {{ lookup('env', 'CVAAS_AAWG_CI') }}" | |
method: POST | |
body_format: json | |
body: | |
{ | |
"values": [ | |
{ | |
"key": { | |
"workspaceId": "{{ cv_deploy_results.workspace.id }}" | |
}, | |
"request": "REQUEST_ABANDON", | |
"requestParams": { | |
"requestId": "{{ r }}" | |
} | |
} | |
] | |
} | |
force_basic_auth: yes | |
timeout: 10 | |
register: cvp_abandon_workspace_result | |
until: cvp_abandon_workspace_result.status == 200 | |
retries: 3 | |
delay: 3 | |
ignore_errors: True |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should be careful to clean only our own orphan workspaces - also would it not be better to. make this a part of the action plugin? (so in another PR)
@@ -0,0 +1,61 @@ | |||
--- | |||
- name: Converge - cv_deploy with cv_submit_workspace_force = true | |||
hosts: SITE1_FABRIC |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add group INACTIVE to the scope (host avd-ci-core1 is dynamically added to it below)
hosts: SITE1_FABRIC | |
hosts: SITE1_FABRIC:INACTIVE |
vars: | ||
cv_server: www.cv-staging.corp.arista.io | ||
cv_token: "{{ lookup('env', 'CVAAS_AAWG_CI') }}" | ||
cv_verify_certs: false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cv_verify_certs: false | |
cv_verify_certs: true |
cv_change_control_name: cc_cv_deploy-{{ r }} | ||
cv_change_control_description: sample description | ||
cv_register_detailed_results: true | ||
run_once: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
run_once: true | |
run_once: true | |
- name: Dynamically add inactive device avd-ci-core1 to group INACTIVE | |
run_once: true | |
add_host: | |
name: avd-ci-core1 | |
groups: INACTIVE |
ansible.builtin.debug: | ||
msg: '{{ cv_deploy_results }}' | ||
|
||
- name: Check CVP returns |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- name: Check CVP returns | |
- name: Check CVP returns | |
run_once: true |
ansible.builtin.assert: | ||
that: | ||
# errors and warnings | ||
- cv_deploy_results.errors == [] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The following call can be used to clean/delete CC created by this task but not approved/executed (due to the nature of the test). This will help to keep UI/Aeris clean
- cv_deploy_results.errors == [] | |
- cv_deploy_results.errors == [] | |
- name: Cleanup orphan CC | |
run_once: true | |
uri: | |
url: https://{{ cv_server }}/api/resources/changecontrol/v1/ChangeControlConfig?key.id={{ cv_deploy_results.change_control.id }} | |
validate_certs: yes | |
return_content: yes | |
headers: | |
Accept: "application/json" | |
Content-Type: "application/json" | |
Authorization: "Bearer {{ lookup('env', 'CVAAS_AAWG_CI') }}" | |
method: DELETE | |
body_format: json | |
force_basic_auth: yes | |
timeout: 10 | |
register: cvp_abandon_cc_result | |
until: cvp_abandon_cc_result.status == 200 | |
retries: 3 | |
delay: 3 | |
ignore_errors: True | |
when: cv_deploy_results.change_control.state | lower in ['pending approval', 'approved'] |
@@ -0,0 +1,76 @@ | |||
--- | |||
- name: Converge - cv_submit_workspace_force = false | |||
hosts: SITE1_FABRIC |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hosts: SITE1_FABRIC | |
hosts: SITE1_FABRIC:INACTIVE |
vars: | ||
cv_server: www.cv-staging.corp.arista.io | ||
cv_token: "{{ lookup('env', 'CVAAS_AAWG_CI') }}" | ||
cv_verify_certs: false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cv_verify_certs: false | |
cv_verify_certs: true |
cv_change_control_name: cc_cv_deploy-{{ r }} | ||
cv_change_control_description: sample description | ||
cv_register_detailed_results: true | ||
run_once: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Although not needed if this play is run after 'workspace_force_true' (as updated inventory will be inherited by this play as well) - adding it here to be able to run 'workspace_force_false' when 'workspace_force_true' is excluded from converge workflow
run_once: true | |
run_once: true | |
- name: Dynamically add inactive device avd-ci-core1 to group INACTIVE | |
run_once: true | |
add_host: | |
name: avd-ci-core1 | |
groups: INACTIVE |
- name: Force device avd-ci-core1 to start streaming | ||
arista.eos.eos_command: | ||
commands: | ||
- enable | ||
- configure | ||
- daemon TerminAttr | ||
- no shutdown | ||
when: inventory_hostname == "avd-ci-core1" | ||
|
||
- name: Pause for 10 seconds for streaming to start | ||
run_once: true | ||
ansible.builtin.pause: | ||
seconds: 10 | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not needed as 'avd-ci-core1' is now in shutdown state, permanently in STEAMING_INACTIVE state. Other plays should not be impacted as we dynamically add avd-ci-core1 only where presence of non-streaming device is needed
- name: Force device avd-ci-core1 to start streaming | |
arista.eos.eos_command: | |
commands: | |
- enable | |
- configure | |
- daemon TerminAttr | |
- no shutdown | |
when: inventory_hostname == "avd-ci-core1" | |
- name: Pause for 10 seconds for streaming to start | |
run_once: true | |
ansible.builtin.pause: | |
seconds: 10 |
ansible.builtin.debug: | ||
msg: '{{ cv_deploy_results }}' | ||
|
||
- name: Check CVP returns |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- name: Check CVP returns | |
- name: Check CVP returns | |
run_once: true |
ansible.builtin.assert: | ||
that: | ||
# errors and warnings | ||
- "'Failed to submit workspace' in cv_deploy_results.errors[0]" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See detailed comments in similar section of *_true.yml
- "'Failed to submit workspace' in cv_deploy_results.errors[0]" | |
- "'Failed to submit workspace' in cv_deploy_results.errors[0]" | |
- name: Cleanup orphan workspace | |
run_once: true | |
uri: | |
url: https://{{ cv_server }}/api/resources/workspace/v1/WorkspaceConfig/some | |
validate_certs: yes | |
return_content: yes | |
headers: | |
Accept: "application/json" | |
Content-Type: "application/json" | |
Authorization: "Bearer {{ lookup('env', 'CVAAS_AAWG_CI') }}" | |
method: POST | |
body_format: json | |
body: | |
{ | |
"values": [ | |
{ | |
"key": { | |
"workspaceId": "{{ cv_deploy_results.workspace.id }}" | |
}, | |
"request": "REQUEST_ABANDON", | |
"requestParams": { | |
"requestId": "{{ r }}" | |
} | |
} | |
] | |
} | |
force_basic_auth: yes | |
timeout: 10 | |
register: cvp_abandon_workspace_result | |
until: cvp_abandon_workspace_result.status == 200 | |
retries: 3 | |
delay: 3 | |
ignore_errors: True |
vars: | ||
cv_server: www.cv-staging.corp.arista.io | ||
cv_token: "{{ lookup('env', 'CVAAS_AAWG_CI') }}" | ||
cv_verify_certs: false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cv_verify_certs: false | |
cv_verify_certs: true |
ansible.builtin.debug: | ||
msg: '{{ cv_deploy_results }}' | ||
|
||
- name: Check CVP returns |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- name: Check CVP returns | |
- name: Check CVP returns | |
run_once: true |
ansible.builtin.assert: | ||
that: | ||
# Change control | ||
- cv_deploy_results.change_control.requested_state == "pending approval" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- cv_deploy_results.change_control.requested_state == "pending approval" | |
- cv_deploy_results.change_control.requested_state == "pending approval" | |
- name: Cleanup orphan CC | |
run_once: true | |
uri: | |
url: https://{{ cv_server }}/api/resources/changecontrol/v1/ChangeControlConfig?key.id={{ cv_deploy_results.change_control.id }} | |
validate_certs: yes | |
return_content: yes | |
headers: | |
Accept: "application/json" | |
Content-Type: "application/json" | |
Authorization: "Bearer {{ lookup('env', 'CVAAS_AAWG_CI') }}" | |
method: DELETE | |
body_format: json | |
force_basic_auth: yes | |
timeout: 10 | |
register: cvp_abandon_cc_result | |
until: cvp_abandon_cc_result.status == 200 | |
retries: 3 | |
delay: 3 | |
ignore_errors: True | |
when: cv_deploy_results.change_control.state | lower in ['pending approval', 'approved'] |
Change Summary
Updated molecule tests to use the new EVE-NG lab