From 664a79f42f91a10eb919bf65ecc19984b5f1b0a3 Mon Sep 17 00:00:00 2001
From: Grzegorz Koper <grzegorzk@stackhpc.com>
Date: Tue, 25 Mar 2025 18:47:39 +0100
Subject: [PATCH] Disable firewalld in Bifrost container

Not needed inside the container, as firewalld runs on the host.
It was failing bifrost deploy jobs on Rocky.

Make directory creation idempotent during bootstrap.

Fix Bifrost tests by using python-ironicclient instead of python-openstackclient, which is not installed in the container.

Change-Id: I5b85efe655978214ad02abf3cda4c4d2b9649add
---
 ansible/roles/bifrost/tasks/bootstrap.yml      | 2 +-
 ansible/roles/bifrost/templates/bifrost.yml.j2 | 3 +++
 tests/test-bifrost.sh                          | 8 ++++----
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/ansible/roles/bifrost/tasks/bootstrap.yml b/ansible/roles/bifrost/tasks/bootstrap.yml
index 90baf486f8..c6533d87d2 100644
--- a/ansible/roles/bifrost/tasks/bootstrap.yml
+++ b/ansible/roles/bifrost/tasks/bootstrap.yml
@@ -27,7 +27,7 @@
   become: true
   command: >
      {{ kolla_container_engine }} exec bifrost_deploy
-     bash -c 'mkdir /root/.ssh ; mkdir /home/ironic/.ssh;
+     bash -c 'mkdir -p /root/.ssh ; mkdir -p /home/ironic/.ssh;
      cp -f /etc/bifrost/id_rsa /root/.ssh/id_rsa &&
      cp -f /etc/bifrost/id_rsa.pub /root/.ssh/id_rsa.pub &&
      cp -f /etc/bifrost/ssh_config /root/.ssh/config &&
diff --git a/ansible/roles/bifrost/templates/bifrost.yml.j2 b/ansible/roles/bifrost/templates/bifrost.yml.j2
index f2174cb201..e7014a64f5 100644
--- a/ansible/roles/bifrost/templates/bifrost.yml.j2
+++ b/ansible/roles/bifrost/templates/bifrost.yml.j2
@@ -36,3 +36,6 @@ tls_root: "/etc/bifrost-certs"
 
 # Whether to enable the legacy ironic-inspector service.
 enable_inspector: "{{ bifrost_enable_ironic_inspector }}"
+
+# Disable firewalld
+use_firewalld: false
diff --git a/tests/test-bifrost.sh b/tests/test-bifrost.sh
index 0692dfcbde..b8017c026f 100755
--- a/tests/test-bifrost.sh
+++ b/tests/test-bifrost.sh
@@ -14,7 +14,7 @@ function test_bifrost {
     # TODO(mgoddard): Use openstackclient when clouds.yaml works. See
     # https://bugs.launchpad.net/bifrost/+bug/1754070.
     attempts=0
-    while [[ $(sudo ${container_engine} exec bifrost_deploy bash -c "OS_CLOUD=bifrost openstack baremetal driver list -f value" | wc -l) -eq 0 ]]; do
+    while [[ $(sudo ${container_engine} exec bifrost_deploy bash -c "OS_CLOUD=bifrost baremetal driver list -f value" | wc -l) -eq 0 ]]; do
         attempts=$((attempts + 1))
         if [[ $attempts -gt 6 ]]; then
             echo "Timed out waiting for ironic conductor to become active"
@@ -22,9 +22,9 @@ function test_bifrost {
         fi
         sleep 10
     done
-    sudo $container_engine exec bifrost_deploy bash -c "OS_CLOUD=bifrost openstack baremetal node list"
-    sudo $container_engine exec bifrost_deploy bash -c "OS_CLOUD=bifrost openstack baremetal node create --driver ipmi --name test-node"
-    sudo $container_engine exec bifrost_deploy bash -c "OS_CLOUD=bifrost openstack baremetal node delete test-node"
+    sudo $container_engine exec bifrost_deploy bash -c "OS_CLOUD=bifrost baremetal node list"
+    sudo $container_engine exec bifrost_deploy bash -c "OS_CLOUD=bifrost baremetal node create --driver redfish --name test-node"
+    sudo $container_engine exec bifrost_deploy bash -c "OS_CLOUD=bifrost baremetal node delete test-node"
 }