From 9fb349f367301a57a0a3b36fdee1f5f13215092d Mon Sep 17 00:00:00 2001
From: Alex-Welsh <alex@stackhpc.com>
Date: Thu, 28 Mar 2024 09:44:50 +0000
Subject: [PATCH] Testo 2 - post-review changes

---
 .../workflows/overcloud-host-image-build.yml  | 10 ---
 .../ansible/openstack-host-image-upload.yml   | 72 +++++++++++--------
 .../environments/ci-builder/inventory/hosts   |  3 +-
 3 files changed, 44 insertions(+), 41 deletions(-)

diff --git a/.github/workflows/overcloud-host-image-build.yml b/.github/workflows/overcloud-host-image-build.yml
index ed275351f..fe1bdc713 100644
--- a/.github/workflows/overcloud-host-image-build.yml
+++ b/.github/workflows/overcloud-host-image-build.yml
@@ -185,13 +185,6 @@ jobs:
           cat src/kayobe-config/terraform/host-image-builder/id_rsa.pub >> ~/.ssh/authorized_keys
           cp src/kayobe-config/terraform/host-image-builder/id_rsa* ~/.ssh/
 
-      - name: Update inventory
-        run: |
-          cat > src/kayobe-config/etc/kayobe/environments/ci-builder/inventory/hosts << EOF
-          [seed]
-          builder
-          EOF
-
       - name: Bootstrap the control host
         run: |
           source venvs/kayobe/bin/activate &&
@@ -199,14 +192,12 @@ jobs:
           kayobe control host bootstrap
 
       - name: Configure the seed host (Builder VM)
-        continue-on-error: true
         run: |
           source venvs/kayobe/bin/activate &&
           source src/kayobe-config/kayobe-env --environment ci-builder &&
           kayobe seed host configure -e seed_bootstrap_user=rocky --skip-tags network
 
       - name: Install dependencies
-        continue-on-error: true
         run: |
           source venvs/kayobe/bin/activate &&
           source src/kayobe-config/kayobe-env --environment ci-builder &&
@@ -216,7 +207,6 @@ jobs:
           KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
 
       - name: Create bifrost_httpboot Docker volume
-        continue-on-error: true
         run: |
           source venvs/kayobe/bin/activate &&
           source src/kayobe-config/kayobe-env --environment ci-builder &&
diff --git a/etc/kayobe/ansible/openstack-host-image-upload.yml b/etc/kayobe/ansible/openstack-host-image-upload.yml
index e39aa16c0..2c92d2446 100644
--- a/etc/kayobe/ansible/openstack-host-image-upload.yml
+++ b/etc/kayobe/ansible/openstack-host-image-upload.yml
@@ -1,5 +1,5 @@
 ---
-# This playbook is desinged to be used by the overcloud-host-image-build.yml
+# This playbook is designed to be used by the overcloud-host-image-build.yml
 # GitHub workflow to upload newly-built images to a development cloud for
 # testing and use in CI.
 - name: Upload an OS image to Glance
@@ -8,35 +8,47 @@
     local_image_path: "/opt/kayobe/images/overcloud-{{ os_distribution }}-{{ os_release }}/overcloud-{{ os_distribution }}-{{ os_release }}.qcow2"
     image_name: "overcloud-{{ os_distribution }}-{{ os_release }}"
   tasks:
-    - name: Write out clouds.yml
-      copy:
-        content: "{{ lookup('ansible.builtin.env', 'CLOUDS_YAML') }}"
-        dest: clouds.yaml
-        mode: 0664
+    - block:
+        - name: Write out clouds.yaml
+          copy:
+            content: "{{ lookup('ansible.builtin.env', 'CLOUDS_YAML') }}"
+            dest: clouds.yaml
+            mode: 0600
 
-    - name: Write out secure.yml
-      no_log: true
-      vars:
-        - os_secrets:
-            clouds:
-              openstack:
-                auth:
-                  application_credential_id: "{{ lookup('ansible.builtin.env', 'OS_APPLICATION_CREDENTIAL_ID') }}"
-                  application_credential_secret: "{{ lookup('ansible.builtin.env', 'OS_APPLICATION_CREDENTIAL_SECRET') }}"
-      copy:
-        content: "{{ os_secrets | to_nice_yaml }}"
-        dest: secure.yaml
-        mode: 0664
+        - name: Write out secure.yaml
+          no_log: true
+          vars:
+            os_secrets:
+              clouds:
+                openstack:
+                  auth:
+                    application_credential_id: "{{ lookup('ansible.builtin.env', 'OS_APPLICATION_CREDENTIAL_ID') }}"
+                    application_credential_secret: "{{ lookup('ansible.builtin.env', 'OS_APPLICATION_CREDENTIAL_SECRET') }}"
+          copy:
+            content: "{{ os_secrets | to_nice_yaml }}"
+            dest: secure.yaml
+            mode: 0600
 
-    - name: Ensure dependencies are installed
-      pip:
-        name: openstacksdk
+        - name: Ensure dependencies are installed
+          pip:
+            name: openstacksdk
 
-    - name: Upload an image to Glance
-      openstack.cloud.image:
-        cloud: openstack
-        name: "{{ image_name }}"
-        container_format: bare
-        disk_format: qcow2
-        state: present
-        filename: "{{ local_image_path }}"
+        - name: Upload an image to Glance
+          openstack.cloud.image:
+            cloud: openstack
+            name: "{{ image_name }}"
+            container_format: bare
+            disk_format: qcow2
+            state: present
+            filename: "{{ local_image_path }}"
+
+      always:
+        - name: Remove clouds.yaml
+          file:
+            path: clouds.yaml
+            state: absent
+
+        - name: Remove secure.yaml
+          file:
+            path: secure.yaml
+            state: absent
diff --git a/etc/kayobe/environments/ci-builder/inventory/hosts b/etc/kayobe/environments/ci-builder/inventory/hosts
index 49b7be166..c8dba796b 100644
--- a/etc/kayobe/environments/ci-builder/inventory/hosts
+++ b/etc/kayobe/environments/ci-builder/inventory/hosts
@@ -1,3 +1,4 @@
 # A 'seed' host used for building images.
 [seed]
-localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3
+# localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3
+builder