stolostron / ansible-collection.core
OCM/ACM Ansible Collection
License: Apache License 2.0
We will find the managedserviceaccount add-on useful, and it requires a different way of installation.
https://github.com/open-cluster-management-io/managed-serviceaccount#steps
Pylint is throwing error ansible-bad-module-import: Import external package or ansible.module_utils not ansible.errors for plugins/modules/import_eks.py and plugins/module_utils/import_utils.py.
Need to figure out why and solve this problem and remove the corresponding lines in the ignore file.
What do we need to do to get published to Galaxy?
Every issue connected to this Epic needs to be completed before publishing to Galaxy.
Create a role that installs the OADP operator components as well as the backup/restore instances.
To start, we will only implement S3 configuration Velero resources. Other configurations for different plugins can be added later.
Review Ansible precedents when deciding how these tests should be structured and what they should test
{
"module_stdout": "",
"module_stderr": "Traceback (most recent call last):
File "/home/runner/.ansible/tmp/ansible-tmp-1642102217.5059047-157-246553424943747/AnsiballZ_managed_serviceaccount_addon.py", line 100, in <module>
_ansiballz_main()
File "/home/runner/.ansible/tmp/ansible-tmp-1642102217.5059047-157-246553424943747/AnsiballZ_managed_serviceaccount_addon.py", line 92, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/home/runner/.ansible/tmp/ansible-tmp-1642102217.5059047-157-246553424943747/AnsiballZ_managed_serviceaccount_addon.py", line 40, in invoke_module
runpy.run_module(mod_name='ansible_collections.ocmplus.cm.plugins.modules.managed_serviceaccount_addon', init_globals=dict(_module_fqn='ansible_collections.ocmplus.cm.plugins.modules.managed_serviceaccount_addon', _modlib_path=modlib_path),
File "/usr/lib64/python3.8/runpy.py", line 207, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/usr/lib64/python3.8/runpy.py", line 97, in _run_module_code
_run_code(code, mod_globals, init_globals,
File "/usr/lib64/python3.8/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/tmp/ansible_ocmplus.cm.managed_serviceaccount_addon_payload_ypptylh_/ansible_ocmplus.cm.managed_serviceaccount_addon_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/managed_serviceaccount_addon.py", line 376, in <module>
File "/tmp/ansible_ocmplus.cm.managed_serviceaccount_addon_payload_ypptylh_/ansible_ocmplus.cm.managed_serviceaccount_addon_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/managed_serviceaccount_addon.py", line 372, in main
File "/tmp/ansible_ocmplus.cm.managed_serviceaccount_addon_payload_ypptylh_/ansible_ocmplus.cm.managed_serviceaccount_addon_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/managed_serviceaccount_addon.py", line 342, in execute_module
File "/tmp/ansible_ocmplus.cm.managed_serviceaccount_addon_payload_ypptylh_/ansible_ocmplus.cm.managed_serviceaccount_addon_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/managed_serviceaccount_addon.py", line 225, in wait_for_serviceaccount_secret
File "/usr/local/lib/python3.8/site-packages/polling.py", line 112, in poll
if check_success(val):
File "/tmp/ansible_ocmplus.cm.managed_serviceaccount_addon_payload_ypptylh_/ansible_ocmplus.cm.managed_serviceaccount_addon_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/managed_serviceaccount_addon.py", line 220, in check_success
TypeError: 'NoneType' object is not subscriptable
",
"exception": "Traceback (most recent call last):
File "/home/runner/.ansible/tmp/ansible-tmp-1642102217.5059047-157-246553424943747/AnsiballZ_managed_serviceaccount_addon.py", line 100, in <module>
_ansiballz_main()
File "/home/runner/.ansible/tmp/ansible-tmp-1642102217.5059047-157-246553424943747/AnsiballZ_managed_serviceaccount_addon.py", line 92, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/home/runner/.ansible/tmp/ansible-tmp-1642102217.5059047-157-246553424943747/AnsiballZ_managed_serviceaccount_addon.py", line 40, in invoke_module
runpy.run_module(mod_name='ansible_collections.ocmplus.cm.plugins.modules.managed_serviceaccount_addon', init_globals=dict(_module_fqn='ansible_collections.ocmplus.cm.plugins.modules.managed_serviceaccount_addon', _modlib_path=modlib_path),
File "/usr/lib64/python3.8/runpy.py", line 207, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/usr/lib64/python3.8/runpy.py", line 97, in _run_module_code
_run_code(code, mod_globals, init_globals,
File "/usr/lib64/python3.8/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/tmp/ansible_ocmplus.cm.managed_serviceaccount_addon_payload_ypptylh_/ansible_ocmplus.cm.managed_serviceaccount_addon_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/managed_serviceaccount_addon.py", line 376, in <module>
File "/tmp/ansible_ocmplus.cm.managed_serviceaccount_addon_payload_ypptylh_/ansible_ocmplus.cm.managed_serviceaccount_addon_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/managed_serviceaccount_addon.py", line 372, in main
File "/tmp/ansible_ocmplus.cm.managed_serviceaccount_addon_payload_ypptylh_/ansible_ocmplus.cm.managed_serviceaccount_addon_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/managed_serviceaccount_addon.py", line 342, in execute_module
File "/tmp/ansible_ocmplus.cm.managed_serviceaccount_addon_payload_ypptylh_/ansible_ocmplus.cm.managed_serviceaccount_addon_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/managed_serviceaccount_addon.py", line 225, in wait_for_serviceaccount_secret
File "/usr/local/lib/python3.8/site-packages/polling.py", line 112, in poll
if check_success(val):
File "/tmp/ansible_ocmplus.cm.managed_serviceaccount_addon_payload_ypptylh_/ansible_ocmplus.cm.managed_serviceaccount_addon_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/managed_serviceaccount_addon.py", line 220, in check_success
TypeError: 'NoneType' object is not subscriptable
",
"msg": "MODULE FAILURE
See stdout/stderr for the exact error",
"rc": 1,
"_ansible_no_log": false,
"changed": false
}
The collection needs instructions on how to get development started.
Providing instructions on how to setup a development environment and running a successful test suite would be nice.
TASK [ocm-install-core : Setup MultiClusterHub (MCH) instance] ******************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to find exact match for operator.open-cluster-management.io/v1.MultiClusterHub by [kind, name, singularName, shortNames]"}
Our collection's current name is cm (with namespace of ocmplus).
This probably is not the most intuitive name.
Follow up with PMs on ideas for collection naming.
Running the import_eks plugin twice does not return the same results (the first time succeeds, the second time fails because the klusterlet already exists). This is not usual Ansible behavior.
Consider adding a step for when the cluster to import is already managed by some hub. Check which hub manages the given imported cluster. If it's the hub that's currently trying to import the cluster, pass with ok green status. If a different hub manages the given cluster for import, fail.
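The check proposed in this issue, sketched as an added example (not code from the collection). It assumes the caller has already read the hub kubeconfig that the klusterlet holds on the managed cluster and parsed it into a dict, and that comparing API server URLs is an acceptable way to identify a hub; all function names and sample values are hypothetical.

```python
from enum import Enum
from urllib.parse import urlsplit


class ImportAction(Enum):
    IMPORT = "import"  # no klusterlet registration: proceed with the import
    OK = "ok"          # already managed by this hub: report ok, changed=False
    FAIL = "fail"      # managed by another hub, or hub unknown: refuse


def normalize_api_url(url):
    """Reduce an API server URL to (scheme, host, port) so that case,
    trailing slashes and an implicit default port do not cause a mismatch."""
    url = url.strip()
    if "://" not in url:
        url = "https://" + url
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower().rstrip(".")
    port = parts.port or (443 if scheme == "https" else 80)
    return scheme, host, port


def hub_server_from_kubeconfig(kubeconfig):
    """Return the server URL of the current context's cluster, or None."""
    contexts = {c.get("name"): c.get("context") or {}
                for c in kubeconfig.get("contexts") or []}
    clusters = {c.get("name"): c.get("cluster") or {}
                for c in kubeconfig.get("clusters") or []}
    context = contexts.get(kubeconfig.get("current-context"))
    if context is None:
        return None
    return clusters.get(context.get("cluster"), {}).get("server")


def decide_import(current_hub_url, klusterlet_hub_kubeconfig):
    """Decide what a second (or first) import run should do.

    klusterlet_hub_kubeconfig is None when no klusterlet registration exists
    on the managed cluster, otherwise the parsed kubeconfig it uses to reach
    its hub.
    """
    if klusterlet_hub_kubeconfig is None:
        return ImportAction.IMPORT, "cluster is not registered with any hub"
    managing = hub_server_from_kubeconfig(klusterlet_hub_kubeconfig)
    if not managing:
        # Fail closed: never re-import over a registration we cannot identify.
        return ImportAction.FAIL, "klusterlet exists but its hub cannot be determined"
    if normalize_api_url(managing) == normalize_api_url(current_hub_url):
        return ImportAction.OK, "cluster is already managed by this hub"
    return ImportAction.FAIL, "cluster is already managed by a different hub: %s" % managing


# Constructed sample: the kubeconfig a klusterlet registered with hub-a would hold.
CONSTRUCTED_KUBECONFIG = {
    "current-context": "default-context",
    "contexts": [{"name": "default-context",
                  "context": {"cluster": "default-cluster", "user": "default-auth"}}],
    "clusters": [{"name": "default-cluster",
                  "cluster": {"server": "https://api.hub-a.example.com:6443"}}],
}

if __name__ == "__main__":
    for hub in ("https://API.hub-a.example.com:6443/", "https://api.hub-b.example.com:6443"):
        action, reason = decide_import(hub, CONSTRUCTED_KUBECONFIG)
        print(hub, "->", action.value, "-", reason)
```

A module would map `OK` to `exit_json(changed=False)` and `FAIL` to `fail_json` with the returned reason.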
As an automation engineer
I want to unregister/detach a spoke cluster from an existing RHACM hub cluster.
So that I can remove cluster from management from RHACM hub
As an automation engineer
I want to register/attach a spoke cluster to an existing RHACM hub cluster.
So that I can manage the spoke cluster in terms of policies, applications, and search.
The role should mimic the attachment procedure that is available manually via the web UI and cli.
When we run galaxy_importer.main against our collection, we get a handful of linting errors.
Importing with galaxy-importer 0.4.2
Getting doc strings via ansible-doc
Finding content inside collection
Loading role ocm_install_core
WARNING: No role description found in role metadata
Linting role ocm_install_core via ansible-lint...
WARNING: roles/ocm_install_core/tasks/main.yml:40: var-naming Task uses 'set_fact' to define variables that violates variable naming standards
WARNING: roles/ocm_install_core/tasks/main.yml:51: var-naming Task uses 'set_fact' to define variables that violates variable naming standards
WARNING: roles/ocm_install_core/tasks/main.yml:56: var-naming Task uses 'set_fact' to define variables that violates variable naming standards
WARNING: ::error file=roles/ocm_install_core/tasks/main.yml,line=40,severity=MEDIUM::var-naming Task uses 'set_fact' to define variables that violates variable naming standards
WARNING: ::error file=roles/ocm_install_core/tasks/main.yml,line=51,severity=MEDIUM::var-naming Task uses 'set_fact' to define variables that violates variable naming standards
WARNING: ::error file=roles/ocm_install_core/tasks/main.yml,line=56,severity=MEDIUM::var-naming Task uses 'set_fact' to define variables that violates variable naming standards
Loading role ocm_install_observability
WARNING: No role description found in role metadata
Linting role ocm_install_observability via ansible-lint...
Loading role ocm_detach
WARNING: No role description found in role metadata
Linting role ocm_detach via ansible-lint...
Loading role ocm_install_managedserviceaccount
WARNING: No role description found in role metadata
Linting role ocm_install_managedserviceaccount via ansible-lint...
Loading role ocm_uninstall_managedserviceaccount
WARNING: No role description found in role metadata
Linting role ocm_uninstall_managedserviceaccount via ansible-lint...
Loading role ocm_labels
WARNING: No role description found in role metadata
Linting role ocm_labels via ansible-lint...
Loading role ocm_attach
WARNING: No role description found in role metadata
Linting role ocm_attach via ansible-lint...
Loading module managed_serviceaccount_addon
Loading module import_eks
Loading module cluster_proxy_addon
Loading module_utils addon_utils
Loading module_utils import_utils
Loading inventory ocm_managedcluster
WARNING: Ignore files skip ansible-test sanity tests, found ignore-2.10.txt with 60 statement(s)
WARNING: Ignore files skip ansible-test sanity tests, found ignore-2.12.txt with 62 statement(s)
WARNING: Ignore files skip ansible-test sanity tests, found ignore-2.11.txt with 62 statement(s)
Collection loading complete
Importer processing completed successfully
We should clean this up before we actually attempt to publish to galaxy.
Currently, the ocm_install_managedserviceaccount role uses a helm repo (as described in the addon Readme here).
It'd be a better strategy to install the chart directly from a chart .tgz. We should consider reaching out to the team working on the addon to see if we can help them build a .tgz file as part of their build strategy.
cloud=auto-detect
vendor=auto-detect
need to be added to the created managedcluster resource
Currently, our API uses a generated name for the ManagedServiceAccount CR (here). We should allow the user to specify if they want a generated name or static name.
- name: "Creating namespace {{ namespace_name }} on {{ target_hosts }} host group"
  hosts: "{{ target_hosts }}"
  connection: local
  tasks:
    # Resolve the cluster-proxy URL for this managed cluster through the hub.
    - name: "Get ClusterProxy URL for {{ hostvars[inventory_hostname].cluster_name }}"
      ocmplus.cm.cluster_proxy_addon:
        hub_kubeconfig: "{{ hostvars['local-cluster'].kubeconfig }}"
        managed_cluster: "{{ hostvars[inventory_hostname].cluster_name }}"
        wait: True
        timeout: 60
      register: cluster_proxy_url
    - name: debug
      debug:
        msg: "{{ cluster_proxy_url.cluster_url }}"
    # Request a managed ServiceAccount token for the same cluster.
    - name: "Get managed ServiceAccount token for {{ hostvars[inventory_hostname].cluster_name }}"
      ocmplus.cm.managed_serviceaccount_addon:
        hub_kubeconfig: "{{ hostvars['local-cluster'].kubeconfig }}"
        managed_cluster: "{{ hostvars[inventory_hostname].cluster_name }}"
        wait: True
        timeout: 60
      register: token
    # Only the token length is printed, not the token itself.
    - name: debug
      debug:
        msg: "token length: {{ token.token | length }}"
    - name: "Creating namespace {{ namespace_name }} on {{ hostvars[inventory_hostname].cluster_name }}"
      kubernetes.core.k8s:
        state: present
        host: "{{ cluster_proxy_url.cluster_url }}"
        # TLS verification is disabled here: the proxy endpoint's certificate is not checked.
        validate_certs: no
        api_key: "{{token.token}}"
        definition:
          apiVersion: v1
          kind: Namespace
          metadata:
            name: "{{ namespace_name }}"
TASK [Creating namespace mytest on tphee-eks-1] ******************************************************************
fatal: [tphee-eks-1]: FAILED! => {"changed": false, "msg": "Failed to get client due to 503\nReason: Service Unavailable\nHTTP response headers: HTTPHeaderDict({'pragma': 'no-cache', 'cache-control': 'private, max-age=0, no-cache, no-store', 'content-type': 'text/html'})\nHTTP response body: b'<html>\\r\\n <head>\\r\\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\\r\\n\\r\\n <style type=\"text/css\">\\r\\n body {\\r\\n font-family: \"Helvetica Neue\", Helvetica, Arial, sans-serif;\\r\\n line-height: 1.66666667;\\r\\n font-size: 16px;\\r\\n color: #333;\\r\\n background-color: #fff;\\r\\n margin: 2em 1em;\\r\\n }\\r\\n h1 {\\r\\n font-size: 28px;\\r\\n font-weight: 400;\\r\\n }\\r\\n p {\\r\\n margin: 0 0 10px;\\r\\n }\\r\\n .alert.alert-info {\\r\\n background-color: #F0F0F0;\\r\\n margin-top: 30px;\\r\\n padding: 30px;\\r\\n }\\r\\n .alert p {\\r\\n padding-left: 35px;\\r\\n }\\r\\n ul {\\r\\n padding-left: 51px;\\r\\n position: relative;\\r\\n }\\r\\n li {\\r\\n font-size: 14px;\\r\\n margin-bottom: 1em;\\r\\n }\\r\\n p.info {\\r\\n position: relative;\\r\\n font-size: 20px;\\r\\n }\\r\\n p.info:before, p.info:after {\\r\\n content: \"\";\\r\\n left: 0;\\r\\n position: absolute;\\r\\n top: 0;\\r\\n }\\r\\n p.info:before {\\r\\n background: #0066CC;\\r\\n border-radius: 16px;\\r\\n color: #fff;\\r\\n content: \"i\";\\r\\n font: bold 16px/24px serif;\\r\\n height: 24px;\\r\\n left: 0px;\\r\\n text-align: center;\\r\\n top: 4px;\\r\\n width: 24px;\\r\\n }\\r\\n\\r\\n @media (min-width: 768px) {\\r\\n body {\\r\\n margin: 6em;\\r\\n }\\r\\n }\\r\\n </style>\\r\\n </head>\\r\\n <body>\\r\\n <div>\\r\\n <h1>Application is not available</h1>\\r\\n <p>The application is currently not serving requests at this endpoint. 
It may not have been started or is still starting.</p>\\r\\n\\r\\n <div class=\"alert alert-info\">\\r\\n <p class=\"info\">\\r\\n Possible reasons you are seeing this page:\\r\\n </p>\\r\\n <ul>\\r\\n <li>\\r\\n <strong>The host doesn\\'t exist.</strong>\\r\\n Make sure the hostname was typed correctly and that a route matching this hostname exists.\\r\\n </li>\\r\\n <li>\\r\\n <strong>The host exists, but doesn\\'t have a matching path.</strong>\\r\\n Check if the URL path was typed correctly and that the route was created using the desired path.\\r\\n </li>\\r\\n <li>\\r\\n <strong>Route and path matches, but all pods are down.</strong>\\r\\n Make sure that the resources exposed by this route (pods, services, deployment configs, etc) have at least one pod running.\\r\\n </li>\\r\\n </ul>\\r\\n </div>\\r\\n </div>\\r\\n </body>\\r\\n</html>\\r\\n'\nOriginal traceback: \n File \"/Users/hee/.pyenv/versions/3.9.9/envs/ocmplus.cm/lib/python3.9/site-packages/kubernetes/dynamic/client.py\", line 55, in inner\n resp = func(self, *args, **kwargs)\n\n File \"/Users/hee/.pyenv/versions/3.9.9/envs/ocmplus.cm/lib/python3.9/site-packages/kubernetes/dynamic/client.py\", line 270, in request\n return self.client.call_api(\n\n File \"/Users/hee/.pyenv/versions/3.9.9/envs/ocmplus.cm/lib/python3.9/site-packages/kubernetes/client/api_client.py\", line 348, in call_api\n return self.__call_api(resource_path, method,\n\n File \"/Users/hee/.pyenv/versions/3.9.9/envs/ocmplus.cm/lib/python3.9/site-packages/kubernetes/client/api_client.py\", line 180, in __call_api\n response_data = self.request(\n\n File \"/Users/hee/.pyenv/versions/3.9.9/envs/ocmplus.cm/lib/python3.9/site-packages/kubernetes/client/api_client.py\", line 373, in request\n return self.rest_client.GET(url,\n\n File \"/Users/hee/.pyenv/versions/3.9.9/envs/ocmplus.cm/lib/python3.9/site-packages/kubernetes/client/rest.py\", line 240, in GET\n return self.request(\"GET\", url,\n\n File 
\"/Users/hee/.pyenv/versions/3.9.9/envs/ocmplus.cm/lib/python3.9/site-packages/kubernetes/client/rest.py\", line 234, in request\n raise ApiException(http_resp=r)\n"}
PLAY RECAP *******************************************************************************************************
With Vault, we can securely store tokens retrieved by the inventory plugin
Currently, attributes like name are buried a level deeper than expected (ex. managed_serviceaccount.managed_serviceaccount.name). It's desirable for these attributes to be accessible from a level above (ex. managed_serviceaccount.name).
Our doc currently outlines the desired structure: https://github.com/stolostron/ocmplus.cm/blob/main/plugins/modules/managed_serviceaccount.py#L84
/assign
Currently the generic addon plugin only installs the addon if the addon is already enabled on the hub. We want to add an option to enable (/disable?) features on the hub from the generic addon plugin.
Current roles depend on a local copy of kubeconfig to connect to hub and managed clusters.
Other mechanisms such as u/p, tokens, and contexts are available.
Refactor all the current roles for a more commonly supportable auth mechanism.
Goal: Provide a kube-native experience for users wanting to leverage ACM's policy functionality
If a role is specified without a binding (or vice versa), we should throw an intelligent error instead of silently erroring (which is what happens now).
REQUIRES FURTHER DESIGN
In our current implementation, the managed_serviceaccount plugin creates the managed serviceaccount and creates a manifestwork to configure a clusterrolebinding that binds the cluster-admin clusterrole to the created managed service account.
In our next iteration we would like to split up the plugin into 2 different ones
What version do we start with when we first publish?
Should we consider an alpha suffix?
What's our support statement? Versioning notes:
As an Ansible automation engineer
I would like to be able to utilize an inventory plugin that lists the managed clusters under a hub as well as identify the nodes that each cluster is comprised of.
So that I can manage clusters adhoc as well as make changes to underlying machines via Ansible automation.
Example
{
"hub_cluster": {
"hosts": ["cluster001"],
"vars": {
"var1": true
},
"children": ["group002"]
},
"managed_clusters": {
"hosts": ["cluster002", "cluster003", "cluster004"],
"vars": {
"var2": 500
},
"children": []
},
"labelA": {
"hosts": ["cluster001", "cluster002"],
"vars": {}
},
"labelB": {
"hosts": ["cluster003", "cluster004"],
"vars": {}
},
"cluster001_wrks": {
"hosts": ["host4", "host5", "host6"]
},
"cluster001_ctls": {
"hosts": ["host1", "host2", "host3"]
},
"all": {
"children": ["ungrouped"]
},
"ungrouped": {
"children": []
},
"_meta": {
"hostvars": {
"cluster001": {
"var001": "value"
},
"cluster002": {
"var002": "value"
},
"host1": {
"fqdn": "host1.acme.com",
"ipAddress": "1.2.3.4"
}
}
}
}
As an automation engineer
I want to delete and cleanup RHACM hub installation
$ ansible-playbook -i nweather-cpa-inventory.yml ./nweather-cpa-playbook.yml --extra-vars "namespace_name=testytest target_hosts=openshift-clusters"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
[WARNING]: running playbook inside collection ocmplus.cm
PLAY [Creating namespace testytest on openshift-clusters host group] **********************************************************
TASK [Gathering Facts] ********************************************************************************************************
ok: [nweather-managed]
TASK [Get ClusterProxy URL for nweather-managed] ******************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AttributeError: 'NoneType' object has no attribute 'conditions'
fatal: [nweather-managed]: FAILED! =>
{
"changed": false,
"module_stderr": "Traceback (most recent call last):\n
File \"/Users/nweather/.ansible/tmp/ansible-tmp-1642534370.6547048-57779-159874808927174/AnsiballZ_cluster_proxy_addon.py\", line 100, in <module>
_ansiballz_main()\n
File \"/Users/nweather/.ansible/tmp/ansible-tmp-1642534370.6547048-57779-159874808927174/AnsiballZ_cluster_proxy_addon.py\", line 92, in _ansiballz_main\n
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n
File \"/Users/nweather/.ansible/tmp/ansible-tmp-1642534370.6547048-57779-159874808927174/AnsiballZ_cluster_proxy_addon.py\", line 40, in invoke_module\n
runpy.run_module(mod_name='ansible_collections.ocmplus.cm.plugins.modules.cluster_proxy_addon', init_globals=dict(_module_fqn='ansible_collections.ocmplus.cm.plugins.modules.cluster_proxy_addon', _modlib_path=modlib_path),\n
File \"/usr/local/Cellar/python@3.9/3.9.9/Frameworks/Python.framework/Versions/3.9/lib/python3.9/runpy.py\", line 210, in run_module\n
return _run_module_code(code, init_globals, run_name, mod_spec)\n
File \"/usr/local/Cellar/python@3.9/3.9.9/Frameworks/Python.framework/Versions/3.9/lib/python3.9/runpy.py\", line 97, in _run_module_code\n
_run_code(code, mod_globals, init_globals,\n
File \"/usr/local/Cellar/python@3.9/3.9.9/Frameworks/Python.framework/Versions/3.9/lib/python3.9/runpy.py\", line 87, in _run_code\n
exec(code, run_globals)\n File \"/var/folders/m4/_wdtp1ws6b7748zwg8nyvc1r0000gn/T/ansible_ocmplus.cm.cluster_proxy_addon_payload_shze7g4j/ansible_ocmplus.cm.cluster_proxy_addon_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/cluster_proxy_addon.py\", line 194, in <module>\n
File \"/var/folders/m4/_wdtp1ws6b7748zwg8nyvc1r0000gn/T/ansible_ocmplus.cm.cluster_proxy_addon_payload_shze7g4j/ansible_ocmplus.cm.cluster_proxy_addon_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/cluster_proxy_addon.py\", line 190, in main\n
File \"/var/folders/m4/_wdtp1ws6b7748zwg8nyvc1r0000gn/T/ansible_ocmplus.cm.cluster_proxy_addon_payload_shze7g4j/ansible_ocmplus.cm.cluster_proxy_addon_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/cluster_proxy_addon.py\", line 159, in execute_module\n
File \"/var/folders/m4/_wdtp1ws6b7748zwg8nyvc1r0000gn/T/ansible_ocmplus.cm.cluster_proxy_addon_payload_shze7g4j/ansible_ocmplus.cm.cluster_proxy_addon_payload.zip/ansible_collections/ocmplus/cm/plugins/module_utils/addon_utils.py\", line 72, in wait_for_addon_available\n
File \"/Users/nweather/python-venv/ansible2.12/lib/python3.9/site-packages/polling.py\", line 112, in poll\n
if check_success(val):\n
File \"/var/folders/m4/_wdtp1ws6b7748zwg8nyvc1r0000gn/T/ansible_ocmplus.cm.cluster_proxy_addon_payload_shze7g4j/ansible_ocmplus.cm.cluster_proxy_addon_payload.zip/ansible_collections/ocmplus/cm/plugins/module_utils/addon_utils.py\", line 57, in check_managed_cluster_addon_available\n
AttributeError: 'NoneType' object has no attribute 'conditions'\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}
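Both tracebacks on this page that end inside a polling `check_success` callback fail on a `None` value rather than on a timeout. The following added example (not the collection's code) shows a readiness predicate that treats a missing object, status or conditions list as "not ready yet", plus a wait loop that turns expiry into a concise error. It assumes the add-on is handled as a plain dict with an `Available` condition; `wait_for_addon`, `AddonTimeout`, `replay` and the sample responses are hypothetical.

```python
import time


class AddonTimeout(Exception):
    """Raised when the add-on never became Available within the timeout."""


def addon_available(addon):
    """True only when the add-on dict carries condition Available=True.

    A missing object, a null status or a null/empty conditions list all mean
    "keep polling"; none of them may raise from inside the poll callback.
    """
    if not isinstance(addon, dict):
        return False
    conditions = (addon.get("status") or {}).get("conditions") or []
    return any(
        c.get("type") == "Available" and c.get("status") == "True"
        for c in conditions
        if isinstance(c, dict)
    )


def wait_for_addon(fetch, timeout, step=1.0, clock=time.monotonic, sleep=time.sleep):
    """Call fetch() until addon_available() is true or timeout seconds pass."""
    deadline = clock() + timeout
    while True:
        addon = fetch()
        if addon_available(addon):
            return addon
        if clock() >= deadline:
            state = "not found" if addon is None else "not Available"
            raise AddonTimeout("add-on %s after %ss" % (state, timeout))
        sleep(step)


# Constructed sequence of what successive GETs can return while an add-on
# comes up: no object, no status, null status, null conditions, not ready, ready.
CONSTRUCTED_RESPONSES = [
    None,
    {"metadata": {"name": "cluster-proxy"}},
    {"metadata": {"name": "cluster-proxy"}, "status": None},
    {"metadata": {"name": "cluster-proxy"}, "status": {"conditions": None}},
    {"metadata": {"name": "cluster-proxy"},
     "status": {"conditions": [{"type": "Available", "status": "False"}]}},
    {"metadata": {"name": "cluster-proxy"},
     "status": {"conditions": [{"type": "Available", "status": "True"}]}},
]


def replay(responses, timeout=30):
    """Drive wait_for_addon over a fixed response list with a fake clock."""
    now = [0.0]
    fetches = [0]
    pending = iter(responses)

    def fetch():
        fetches[0] += 1
        return next(pending, None)  # after the list is exhausted: not found

    def fake_sleep(seconds):
        now[0] += seconds

    addon = wait_for_addon(fetch, timeout, clock=lambda: now[0], sleep=fake_sleep)
    return addon, fetches[0]


if __name__ == "__main__":
    addon, count = replay(CONSTRUCTED_RESPONSES)
    print("available after", count, "fetches")
    try:
        replay([None] * 10, timeout=3)
    except AddonTimeout as exc:
        print("timeout:", exc)
```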
Currently we only have a role to create a managed serviceaccount, but we do not have a role to delete a managed serviceaccount.
If our collection is publish-able to Galaxy, then our community can easily use it.
We need a git action to run with our PRs to confirm that our collection can be published to Galaxy.
TODO
automationhub
CR to instantiate the private Galaxy on the long-standing cluster
Related config files: https://coreos.slack.com/archives/C02K4843LMQ/p1641503613005200
Sanity test import is throwing error import of "ansible.errors" is not allowed in this context for plugins/modules/import_eks.py and plugins/module_utils/import_utils.py.
Need to figure out why and solve this problem and remove the corresponding lines in the ignore file.
/assign
This is a requirement for Ansible Galaxy.
Fix all yamllint:unparsable-with-libyaml in all yaml files then remove the corresponding lines in the ignore file.
ERROR: Found 1 validate-modules issue(s) which need to be resolved:
ERROR: plugins/modules/managed_serviceaccount_addon.py:0:0: import-error: Exception attempting to import module for argument_spec introspection, 'Error importing backoff lib: Traceback (most recent call last):
File "/root/ansible_collections/ocmplus/cm/plugins/module_utils/import_utils.py", line 159, in <module>
import backoff
ModuleNotFoundError: No module named 'backoff'
'
example
Collecting awscli>=1.22.6
Using cached awscli-1.22.18-py3-none-any.whl (3.8 MB)
Using cached awscli-1.22.17-py3-none-any.whl (3.8 MB)
Using cached awscli-1.22.16-py3-none-any.whl (3.8 MB)
Using cached awscli-1.22.15-py3-none-any.whl (3.8 MB)
Using cached awscli-1.22.14-py3-none-any.whl (3.8 MB)
Using cached awscli-1.22.13-py3-none-any.whl (3.8 MB)
Using cached awscli-1.22.12-py3-none-any.whl (3.8 MB)
Using cached awscli-1.22.11-py3-none-any.whl (3.8 MB)
Using cached awscli-1.22.10-py3-none-any.whl (3.8 MB)
Using cached awscli-1.22.9-py3-none-any.whl (3.8 MB)
Using cached awscli-1.22.8-py3-none-any.whl (3.8 MB)
Using cached awscli-1.22.7-py3-none-any.whl (3.8 MB)
Using cached awscli-1.22.6-py3-none-any.whl (3.8 MB)
pip is literally installing all versions of the package that meet our requirement.
In open-cluster-management-io/managed-serviceaccount#10 we are changing the default behavior of the managed-serviceaccount controller to not enable the addon for all clusters by default,
so in our code we need to ensure that the addon is enabled.
Every time I run the import_eks plugin, it fails the first time with the following error:
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnboundLocalError: local variable 'managedcluster' referenced before assignment
failed: [localhost] (item=nweather-eks) => {"ansible_loop_var": "item", "changed": false, "item": "nweather-eks", "module_stderr": "Traceback (most recent call last):\n File \"/Users/nweather/.ansible/tmp/ansible-tmp-1641924878.370075-66056-200587808912278/AnsiballZ_import_eks.py\", line 107, in <module>\n _ansiballz_main()\n File \"/Users/nweather/.ansible/tmp/ansible-tmp-1641924878.370075-66056-200587808912278/AnsiballZ_import_eks.py\", line 99, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/Users/nweather/.ansible/tmp/ansible-tmp-1641924878.370075-66056-200587808912278/AnsiballZ_import_eks.py\", line 47, in invoke_module\n runpy.run_module(mod_name='ansible_collections.ocmplus.cm.plugins.modules.import_eks', init_globals=dict(_module_fqn='ansible_collections.ocmplus.cm.plugins.modules.import_eks', _modlib_path=modlib_path),\n File \"/usr/local/Cellar/python@3.9/3.9.9/Frameworks/Python.framework/Versions/3.9/lib/python3.9/runpy.py\", line 210, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/local/Cellar/python@3.9/3.9.9/Frameworks/Python.framework/Versions/3.9/lib/python3.9/runpy.py\", line 97, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File \"/usr/local/Cellar/python@3.9/3.9.9/Frameworks/Python.framework/Versions/3.9/lib/python3.9/runpy.py\", line 87, in _run_code\n exec(code, run_globals)\n File \"/var/folders/m4/_wdtp1ws6b7748zwg8nyvc1r0000gn/T/ansible_ocmplus.cm.import_eks_payload_3042gq4a/ansible_ocmplus.cm.import_eks_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/import_eks.py\", line 332, in <module>\n File \"/var/folders/m4/_wdtp1ws6b7748zwg8nyvc1r0000gn/T/ansible_ocmplus.cm.import_eks_payload_3042gq4a/ansible_ocmplus.cm.import_eks_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/import_eks.py\", line 328, in main\n File 
\"/var/folders/m4/_wdtp1ws6b7748zwg8nyvc1r0000gn/T/ansible_ocmplus.cm.import_eks_payload_3042gq4a/ansible_ocmplus.cm.import_eks_payload.zip/ansible_collections/ocmplus/cm/plugins/modules/import_eks.py\", line 255, in execute_module\n File \"/var/folders/m4/_wdtp1ws6b7748zwg8nyvc1r0000gn/T/ansible_ocmplus.cm.import_eks_payload_3042gq4a/ansible_ocmplus.cm.import_eks_payload.zip/ansible_collections/ocmplus/cm/plugins/module_utils/import_utils.py\", line 117, in ensure_managedcluster\nUnboundLocalError: local variable 'managedcluster' referenced before assignment\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
The actual error to focus on is this:
ocmplus/cm/plugins/module_utils/import_utils.py\", line 117, in ensure_managedcluster\nUnboundLocalError: local variable 'managedcluster' referenced before assignment
Running the plugin a second time succeeds.
As @hanqiuzh pointed out, this seems like a timing bug we need to work out.
When attempting to run import_eks without addons params, the addons should be initialized with the default value of the addons instead of None.
File "/Volumes/case-sensitive-volume/projects/src/github.com/TheRealHaoLiu/ocmplus.cm/plugins/modules/import_eks.py", line 241, in <module>
main()
File "/Volumes/case-sensitive-volume/projects/src/github.com/TheRealHaoLiu/ocmplus.cm/plugins/modules/import_eks.py", line 237, in main
execute_module(module)
File "/Volumes/case-sensitive-volume/projects/src/github.com/TheRealHaoLiu/ocmplus.cm/plugins/modules/import_eks.py", line 168, in execute_module
import_utils.ensure_klusterletaddonconfig(hub_client, eks_cluster_name, addons)
File "/Volumes/case-sensitive-volume/projects/src/github.com/TheRealHaoLiu/ocmplus.cm/.venv/lib/python3.9/site-packages/ansible_collections/ocmplus/cm/plugins/module_utils/import_utils.py", line 89, in ensure_klusterletaddonconfig
ocm_iam_policy_controller=addons['iam_policy_controller'],
TypeError: 'NoneType' object is not subscriptable
Also we can use it for a playback demo :)
TTL support now in MSA as alpha feature. Review Ansible precedents for how best to surface this configuration in our plugin spec.
Test
Slack discussion: https://coreos.slack.com/archives/C02K4843LMQ/p1645554981081749
If paths to roles aren't a simple flat structure, things don't work (paraphrasing from Hao's findings)
Our internal code needs to run checks to confirm the supported versions of ACM/MCE are running (else throw concise errors)
When using the import_eks plugin, if the user does not provide aws_access_key and aws_secret_key, the module will fail.
The expected behavior is that, like AnsibleAWSModule, it will try to use the environment variables and AWS configuration of the environment to configure the credentials.
(.venv) ➜ ocmplus.cm git:(cluster-proxy-addon) ✗ python plugins/modules/import_eks.py args.json
Traceback (most recent call last):
File "/Volumes/case-sensitive-volume/projects/src/github.com/TheRealHaoLiu/ocmplus.cm/plugins/modules/import_eks.py", line 238, in <module>
main()
File "/Volumes/case-sensitive-volume/projects/src/github.com/TheRealHaoLiu/ocmplus.cm/plugins/modules/import_eks.py", line 234, in main
execute_module(module)
File "/Volumes/case-sensitive-volume/projects/src/github.com/TheRealHaoLiu/ocmplus.cm/plugins/modules/import_eks.py", line 149, in execute_module
sts_token = TokenGenerator(sts_client).get_token(eks_cluster_name)
File "/Volumes/case-sensitive-volume/projects/src/github.com/TheRealHaoLiu/ocmplus.cm/.venv/lib/python3.9/site-packages/awscli/customizations/eks/get_token.py", line 96, in get_token
url = self._get_presigned_url(cluster_name)
File "/Volumes/case-sensitive-volume/projects/src/github.com/TheRealHaoLiu/ocmplus.cm/.venv/lib/python3.9/site-packages/awscli/customizations/eks/get_token.py", line 102, in _get_presigned_url
return self._sts_client.generate_presigned_url(
File "/Volumes/case-sensitive-volume/projects/src/github.com/TheRealHaoLiu/ocmplus.cm/.venv/lib/python3.9/site-packages/botocore/signers.py", line 602, in generate_presigned_url
return request_signer.generate_presigned_url(
File "/Volumes/case-sensitive-volume/projects/src/github.com/TheRealHaoLiu/ocmplus.cm/.venv/lib/python3.9/site-packages/botocore/signers.py", line 275, in generate_presigned_url
self.sign(operation_name, request, region_name,
File "/Volumes/case-sensitive-volume/projects/src/github.com/TheRealHaoLiu/ocmplus.cm/.venv/lib/python3.9/site-packages/botocore/signers.py", line 165, in sign
auth.add_auth(request)
File "/Volumes/case-sensitive-volume/projects/src/github.com/TheRealHaoLiu/ocmplus.cm/.venv/lib/python3.9/site-packages/botocore/auth.py", line 383, in add_auth
self._modify_request_before_signing(request)
File "/Volumes/case-sensitive-volume/projects/src/github.com/TheRealHaoLiu/ocmplus.cm/.venv/lib/python3.9/site-packages/botocore/auth.py", line 507, in _modify_request_before_signing
'X-Amz-Credential': self.scope(request),
File "/Volumes/case-sensitive-volume/projects/src/github.com/TheRealHaoLiu/ocmplus.cm/.venv/lib/python3.9/site-packages/botocore/auth.py", line 345, in scope
return '/'.join(scope)
TypeError: sequence item 0: expected str instance, NoneType found