From 9301ed3df7d3cc3d2b67f7b0ce77dc7434a79d93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Harald=20Jens=C3=A5s?= Date: Thu, 18 Dec 2025 09:36:59 +0100 Subject: [PATCH 1/2] Reapply " [config_drive]fix _user_data_change fails assertion" This reverts commit 052cceadbe60acf9279fb609115851e5634c7298. --- roles/config_drive/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/config_drive/tasks/main.yml b/roles/config_drive/tasks/main.yml index 67b38d8c59..89f2f78908 100644 --- a/roles/config_drive/tasks/main.yml +++ b/roles/config_drive/tasks/main.yml @@ -84,7 +84,7 @@ ansible.builtin.assert: that: - _meta_data_change is not changed - - _user_data_change is not changed + - _user_data_change is skipped or _user_data_change is not changed - _net_data_change is not changed msg: >- You're trying to edit an existing ISO. This isn't possible, From d9b7ca14e4fbe2fa9732d9eb08eb996a4e7e65a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Harald=20Jens=C3=A5s?= Date: Tue, 16 Dec 2025 15:12:30 +0100 Subject: [PATCH 2/2] [config_drive] Fix _net_data_change assertion for soft-clean scenario MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Apply the same fix as _user_data_change: handle skipped tasks when cifmw_config_drive_networkconfig is undefined on subsequent runs. - Update assert to check: _userdata/_netdata is not none, since these are set in defaults/main.yml they will never be undefined. - Update assertion to check: _net_data_change is skipped or is not changed - Make network-config when condition consistent with user-data (add | length > 0) - Add soft-clean test coverage to default molecule scenario This prevents assertion failures when create-infra is run after a soft clean where the ISO already exists but network-config vars are undefined. Jira: OSPRH-22377 Assisted-By: Claude Code/claude-4.5-sonnet Signed-off-by: Harald Jensås --- .../molecule/default/converge.yml | 157 +++++++++++++++++- roles/config_drive/tasks/main.yml | 8 +- 2 files changed, 160 insertions(+), 5 deletions(-) diff --git a/roles/config_drive/molecule/default/converge.yml b/roles/config_drive/molecule/default/converge.yml index cbb896b55c..ce6516de0c 100644 --- a/roles/config_drive/molecule/default/converge.yml +++ b/roles/config_drive/molecule/default/converge.yml @@ -18,7 +18,7 @@ - name: Converge hosts: all tasks: - - name: Include config_drive role + - name: Include config_drive role with full configuration vars: cifmw_config_drive_uuid: de2f369a-1886-4a90-8e50-e419289e6850 cifmw_config_drive_name: test01 @@ -54,3 +54,158 @@ - 192.168.0.1 ansible.builtin.include_role: name: config_drive + + - name: Run config_drive role again without user-data or network-config (soft-clean scenario) + vars: + cifmw_config_drive_uuid: de2f369a-1886-4a90-8e50-e419289e6850 + cifmw_config_drive_name: test01 + cifmw_config_drive_hostname: test01.example.com + # cifmw_config_drive_userdata is not defined (simulating soft clean) + # cifmw_config_drive_networkconfig is not defined (simulating soft clean) + ansible.builtin.include_role: + name: config_drive + + - name: Verify ISO still exists after soft-clean + ansible.builtin.stat: + path: "{{ cifmw_config_drive_basedir | default(ansible_user_dir ~ '/ci-framework-data') }}/artifacts/cifmw_config_drive/de2f369a-1886-4a90-8e50-e419289e6850.iso" + register: _iso_check + + - name: Assert ISO exists + ansible.builtin.assert: + that: + - _iso_check.stat.exists + fail_msg: "ISO file should exist after soft-clean scenario" + success_msg: "Soft-clean scenario passed - ISO exists and role didn't fail on skipped tasks" + + - name: Run config_drive role again with same configuration (should pass - no changes) + vars: + cifmw_config_drive_uuid: de2f369a-1886-4a90-8e50-e419289e6850 + cifmw_config_drive_name: test01 + cifmw_config_drive_hostname: test01.example.com + cifmw_config_drive_userdata: + ssh_authorized_keys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCg1LHRahLiT1NFv4l/XH + packages: + - git + - bind-utils + write_files: + - path: /root/test.file + owner: root:root + content: |- + # Test file content + runcmd: + - ['sh', '-c', 'echo foo | tee -a /tmp/foo'] + cifmw_config_drive_networkconfig: + network: + version: 2 + ethernets: + id0: + match: + macaddress: "aa:bb:cc:dd:ee:ff" + addresses: + - 192.168.0.101/24 + routes: + - to: 0.0.0.0/0 + via: 192.168.0.1 + on-link: true + nameservers: + addresses: + - 192.168.0.1 + ansible.builtin.include_role: + name: config_drive + + - name: Attempt to change user-data on existing ISO (should fail) + block: + - name: Include config_drive with modified user-data + vars: + cifmw_config_drive_uuid: de2f369a-1886-4a90-8e50-e419289e6850 + cifmw_config_drive_name: test01 + cifmw_config_drive_hostname: test01.example.com + cifmw_config_drive_userdata: + ssh_authorized_keys: + - ssh-rsa DIFFERENT_KEY_HERE + packages: + - vim # Changed from git + cifmw_config_drive_networkconfig: + network: + version: 2 + ethernets: + id0: + match: + macaddress: "aa:bb:cc:dd:ee:ff" + addresses: + - 192.168.0.101/24 + routes: + - to: 0.0.0.0/0 + via: 192.168.0.1 + on-link: true + nameservers: + addresses: + - 192.168.0.1 + ansible.builtin.include_role: + name: config_drive + + - name: Fail if role didn't reject the change + ansible.builtin.fail: + msg: "Role should have failed when trying to change user-data on existing ISO" + + rescue: + - name: Verify the failure was due to ISO modification attempt + ansible.builtin.assert: + that: + - ansible_failed_result.msg is defined + - ansible_failed_result.msg is regex('trying to edit an existing ISO', ignorecase=True) + fail_msg: "Role failed but not with expected error message. Got: {{ ansible_failed_result.msg | default('no message') }}" + success_msg: "Role correctly rejected attempt to change user-data" + + - name: Attempt to change network-config on existing ISO (should fail) + block: + - name: Include config_drive with modified network-config + vars: + cifmw_config_drive_uuid: de2f369a-1886-4a90-8e50-e419289e6850 + cifmw_config_drive_name: test01 + cifmw_config_drive_hostname: test01.example.com + cifmw_config_drive_userdata: + ssh_authorized_keys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCg1LHRahLiT1NFv4l/XH + packages: + - git + - bind-utils + write_files: + - path: /root/test.file + owner: root:root + content: |- + # Test file content + runcmd: + - ['sh', '-c', 'echo foo | tee -a /tmp/foo'] + cifmw_config_drive_networkconfig: + network: + version: 2 + ethernets: + id0: + match: + macaddress: "11:22:33:44:55:66" # Changed MAC address + addresses: + - 192.168.0.200/24 # Changed IP + routes: + - to: 0.0.0.0/0 + via: 192.168.0.1 + on-link: true + nameservers: + addresses: + - 192.168.0.1 + ansible.builtin.include_role: + name: config_drive + + - name: Fail if role didn't reject the change + ansible.builtin.fail: + msg: "Role should have failed when trying to change network-config on existing ISO" + + rescue: + - name: Verify the failure was due to ISO modification attempt + ansible.builtin.assert: + that: + - ansible_failed_result.msg is defined + - ansible_failed_result.msg is regex('trying to edit an existing ISO', ignorecase=True) + fail_msg: "Role failed but not with expected error message. Got: {{ ansible_failed_result.msg | default('no message') }}" + success_msg: "Role correctly rejected attempt to change network-config" diff --git a/roles/config_drive/tasks/main.yml b/roles/config_drive/tasks/main.yml index 89f2f78908..e41c89ba16 100644 --- a/roles/config_drive/tasks/main.yml +++ b/roles/config_drive/tasks/main.yml @@ -51,7 +51,7 @@ - name: Generate user-data register: _user_data_change when: - - cifmw_config_drive_userdata is defined + - cifmw_config_drive_userdata is not none - cifmw_config_drive_userdata | length > 0 ansible.builtin.template: backup: true @@ -62,8 +62,8 @@ - name: Generate network-data register: _net_data_change when: - - cifmw_config_drive_networkconfig is defined - - cifmw_config_drive_networkconfig + - cifmw_config_drive_networkconfig is not none + - cifmw_config_drive_networkconfig | length > 0 ansible.builtin.template: backup: true src: "network-config.j2" @@ -85,7 +85,7 @@ that: - _meta_data_change is not changed - _user_data_change is skipped or _user_data_change is not changed - - _net_data_change is not changed + - _net_data_change is skipped or _net_data_change is not changed msg: >- You're trying to edit an existing ISO. This isn't possible, since the ISO is usually attached to a virtual machine, and