add more configs

containers/Dockerfile.f36

@@ -0,0 +1,18 @@
+FROM quay.io/fedora/fedora:36-x86_64
+ 
+ENV XDG_CACHE_HOME=/root/.cache
+RUN dnf update -y && dnf install -y iproute rsync git traceroute unzip bzip2 \
+  bzip2-devel libffi-devel sqlite-devel sqlite-devel rpm-sign expect \
+  make curl wget tar procps-ng which sudo unzip findutils grep ncurses-devel \
+  openssl-devel zlib-devel krb5-devel make cmake gcc gcc-c++ rpm-build \
+  python3.6 python3.7 python3.8 python3.9 python3.10 python3.11 python3-dnf \
+  python3-setuptools python3 python3-devel python3-wheel python3-pip && \
+  dnf clean all
+
+RUN ln -sf /bin/pip3 /bin/pip && /bin/pip3 install --user 'tox>=3.8.0' os-testr
+
+RUN mv /etc/sudoers /etc/sudoers.d/zuul && grep includedir /etc/sudoers.d/zuul > /etc/sudoers && sed -e 's/.*includedir.*//' -i /etc/sudoers.d/zuul && chmod 440 /etc/sudoers
+
+RUN echo 'zuul:x:0:0:root:/root:/bin/bash' >> /etc/passwd
+ENV PATH=/root/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+WORKDIR /root

nodepool/nodepool.yaml

@@ -0,0 +1,46 @@
+---
+images-dir: /opt/nodepool/images
+elements-dir: /data/nodepool/elements
+webapp:
+  port: 8005
+
+zookeeper-servers:
+  - host: zookeeper.zuul-ci.svc.cluster.local
+    port: 2281
+
+zookeeper-tls:
+  cert: /tls/client/tls.crt
+  key: /tls/client/tls.key
+  ca: /tls/client/ca.crt
+
+diskimages:
+
+labels:
+  - name: pod-fedora-latest
+  - name: pod-fedora-35
+  - name: pod-fedora-36
+
+providers:
+  - name: osinfra
+    driver: kubernetes
+    context: otcci
+    pools:
+      - name: zuul
+        labels:
+          # - name: kubernetes-namespace
+          #   type: namespace
+          - name: pod-fedora-latest
+            type: pod
+            image: quay.io/opentelekomcloud/zuul-fedora:33
+            cpu: 2
+            memory: 2048
+          - name: pod-fedora-35
+            type: pod
+            image: quay.io/opentelekomcloud/zuul-fedora:35
+            cpu: 2
+            memory: 2048
+          - name: pod-fedora-36
+            type: pod
+            image: quay.io/opentelekomcloud/zuul-fedora:36
+            cpu: 2
+            memory: 2048

playbooks/base/cleanup.yaml

@@ -0,0 +1,16 @@
+- hosts: all
+  tasks:
+    - name: Gather debug info on job fail
+      when: not (zuul_success | bool)
+      block:
+        - name: get df disk usage
+          raw: timeout -k 5 90 df
+
+        - name: get df inode usage
+          raw: timeout -k 5 90 df -i
+
+        - name: get l2 networking
+          raw: timeout -k 5 90 ip link
+
+        - name: get l3 networking
+          raw: timeout -k 5 90 ip addr

playbooks/base/library

@@ -0,0 +1 @@
+../library

playbooks/base/post-logs.yaml

@@ -0,0 +1,27 @@
+- hosts: localhost
+  tasks:
+    - name: Include Zuul manifest role
+      include_role:
+        name: generate-zuul-manifest
+
+    - name: Get cloud config from vault
+      no_log: true
+      vault_cloud_config:
+        vault_addr: "{{ zuul_vault_addr }}"
+        vault_token: "{{ lookup('file', zuul_base_vault_token_path) }}"
+        cloud_secret_path: "{{ vault_cloud_secret_path }}"
+        mode: "token"
+      register: cloud_config
+
+    - name: Include upload logs role
+      no_log: true
+      include_role:
+        name: upload-logs-swift1
+      vars:
+        zuul_log_path_shard_build: true
+        zuul_log_cloud_config: '{{ cloud_config.config }}'
+        zuul_log_partition: false
+        zuul_log_delete_after: 648000
+        # Unique log prefix to avoid container name collisions when ceph is
+        # used.
+        zuul_log_container: zuul_logs

playbooks/base/post.yaml

@@ -0,0 +1,29 @@
+- hosts: all
+  tasks:
+    - block:
+        - include_role:
+            name: fetch-output
+      when:
+        - "ansible_connection != 'kubectl'"
+        - ansible_user_dir is defined
+
+    - block:
+        - include_role:
+            name: fetch-output-openshift
+      when:
+        - "ansible_connection == 'kubectl'"
+        - ansible_user_dir is defined
+
+    - import_role:
+        name: merge-output-to-logs
+      when: ansible_user_dir is defined
+
+- hosts: all
+  ignore_errors: yes
+  tasks:
+    - block:
+        - include_role:
+            name: remove-build-sshkey
+      when:
+        - "ansible_connection != 'kubectl'"
+        - ansible_user_dir is defined

playbooks/base/pre.yaml

@@ -0,0 +1,52 @@
+- hosts: localhost
+  roles:
+    - role: emit-job-header
+      zuul_log_path_shard_build: true
+    - log-inventory
+
+- hosts: all
+  tasks:
+    - include_role:
+        name: start-zuul-console
+
+    - block:
+        # A regular VM way
+        - include_role:
+            name: validate-host
+        - include_role:
+            name: prepare-workspace
+        - include_role:
+            name: add-build-sshkey
+      when: "ansible_connection != 'kubectl'"
+    - block:
+        # A Pod way
+        - include_role:
+            name: prepare-workspace-openshift
+        - include_role:
+            name: remove-zuul-sshkey
+      run_once: true
+      when: "ansible_connection == 'kubectl'"
+
+    - import_role:
+        name: ensure-output-dirs
+      when: ansible_user_dir is defined
+
+# If there is a registered role (as constructed from project name) try to
+# generate secret-id and leave it at well-known location. The job is then
+# responsible to take it and use. Secret is wrapped with ttl set to job
+# timeout.  Try to do so only if there is zuul_vault variable with role_id set
+# in (We do not use role_id, but just presence).
+- hosts: localhost
+  tasks:
+    - include_role:
+        name: create-vault-approle-secret
+      vars:
+        vault_addr: "{{ zuul_vault_addr }}"
+        vault_token: "{{ lookup('file', zuul_base_vault_token_path) }}"
+        vault_secret_dest: "{{ zuul.executor.work_root }}/.approle-secret"
+        vault_role_name: "{{ ['zuul', zuul.tenant, zuul.project.name] | join('_') | regex_replace('/', '_') }}"
+      when:
+        - "zuul.post_review | bool"
+        - "zuul_vault_addr is defined"
+        - "zuul_base_vault_token_path is defined"
+        - "zuul_vault is defined and zuul_vault.vault_role_id is defined"

zuul.d/container-images/base.yaml

@@ -0,0 +1,12 @@
+# Base image building jobs
+- job:
+    name: zuul-config-build-image
+    parent: otc-build-docker-image
+    abstract: true
+
+- job:
+    name: zuul-config-upload-image
+    parent: otcinfra-upload-image-quay
+    abstract: true
+    vars:
+      upload_docker_image_promote: false

zuul.d/container-images/fedora.yaml

@@ -0,0 +1,20 @@
+- job:
+    name: zuul-config-build-image-f36
+    description: Build a F36 image.
+    parent: zuul-config-build-image
+    vars: &zuul-f36_vars
+      docker_images:
+        - context: containers
+          dockerfile: Dockerfile.f36
+          repository: opentelekomcloud/zuul-fedora
+          tags: ['36']
+    files: &zuul-f36_files
+      - containers/Dockerfile.f36
+      - zuul.d/container-images/fedora.yaml
+
+- job:
+    name: zuul-config-upload-image-f36
+    description: Build and upload a f36 image.
+    parent: zuul-config-upload-image
+    vars: *zuul-f36_vars
+    files: *zuul-f36_files

zuul.d/jobs.yaml

@@ -0,0 +1,62 @@
+# Shared zuul config common to all OpenTelekomCloud tenants.
+# Contains definitions of trusted jobs
+
+
+# Changes to this job require a special procedure, because they can
+# not be tested before landing, and if they are faulty, they will
+# break all jobs, meaning subsequent corrections will not be able to
+# land.  To make a change:
+#
+# 1) Ensure that base-test and its playbooks are identical to base.
+# 2) Make the change to base-test and/or its playbooks.
+# 3) Merge the change from step 2.  No jobs normally use base-test, so
+#    this is safe.
+# 4) Propose a change to a job to reparent it to base-test.  Choose a
+#    job which will exercise whatever you are changing.  The
+#    "unittests" job in zuul-jobs is a good choice.  Use [DNM] in the
+#    commit subject so that people know not to merge the change.  Set
+#    it to "Work in progress" so people don't review it.
+# 5) Once test results arrive for the change in step 2, make a change
+#    which copies the job and/or playbooks of base-test to base.  In
+#    the commit message, link to (without using Depends-On:) the
+#    change from step 4 so reviewers can see the test results.
+# 6) Once the change in step 5 merges, abandon the change from step 4.
+
+- job:
+    name: base
+    parent: null
+    abstract: true
+    description: |
+      The base job for OpenTelekomCloud's installation of Zuul.
+
+      All jobs ultimately inherit from this.  It runs a pre-playbook
+      which copies all of the job's prepared git repos on to all of
+      the nodes in the nodeset.  It runs a post-playbook which copies
+      all of the files in the logs/ subdirectory of the executor
+      work directory to the logserver.
+
+      It also sets default timeout and nodeset values (which may be
+      overidden).
+
+      Responds to these variables:
+
+      .. zuul:jobvar:: base_serial
+         :default: Omitted
+
+         This sets the serial keyword in the pre and post playbooks
+         which can be an integer or percentage.
+
+         See ansible documentation for more information:
+         http://docs.ansible.com/ansible/latest/playbooks_delegation.html
+
+    pre-run: playbooks/base/pre.yaml
+    post-run:
+      - playbooks/base/post.yaml
+      - playbooks/base/post-logs.yaml
+    roles:
+      - zuul: zuul/zuul-jobs
+    timeout: 1800
+    post-timeout: 1800
+    nodeset: pod-fedora-36
+    extra-vars:
+      zuul_use_fetch_output: true

zuul.d/nodesets.yaml

@@ -0,0 +1,6 @@
+### K8 pods
+- nodeset:
+    name: pod-fedora-latest
+    nodes:
+      - name: fedora-pod
+        label: pod-fedora-36

zuul.d/project.yaml

@@ -0,0 +1,9 @@
+- project:
+    merge-mode: squash-merge
+    default-branch: main
+    check:
+      jobs: []
+    gate:
+      jobs: []
+    post:
+      jobs: []