From 927bdd2403932d3e60b135b5bbf1b38a77817c46 Mon Sep 17 00:00:00 2001
From: Michael Sherman <shermanm@uchicago.edu>
Date: Fri, 14 Nov 2025 18:58:12 +0000
Subject: [PATCH 1/3] setup basic CI

this method has a bunch of duplication, but makes it easy to start.
Idea is to have one folder under tests for each of edge, baremetal,
kvm, and put a defaults.yml, host_vars, and interface setup script in.

TODO:

* handle post-deploy
* run tempest and/or rally tests
* handle site-config/node_custom_config, if needed
---
 .github/workflows/ci.yml        | 23 ++++----
 .github/workflows/reviewdog.yml | 17 ------
 tests/edge/defaults.yml         | 96 +++++++++++++++++++++++++++++++++
 tests/edge/host_vars.yml        |  7 +++
 tests/edge/setup_ifaces.sh      | 25 +++++++++
 tests/run.sh                    | 56 +++++++++++++++++++
 6 files changed, 193 insertions(+), 31 deletions(-)
 delete mode 100644 .github/workflows/reviewdog.yml
 create mode 100644 tests/edge/defaults.yml
 create mode 100644 tests/edge/host_vars.yml
 create mode 100755 tests/edge/setup_ifaces.sh
 create mode 100755 tests/run.sh

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ceacbdd4..761cf003 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,27 +4,22 @@ name: CI for chi-in-a-box script
 on:
   push:
     branches:
-      - master
+      - stable/*
   pull_request:
     branches:
-      - master
+      - stable/*
 
 jobs:
-  test:
-    name: test cc-ansible
-    runs-on: 	[self-hosted, kvm, ciab, ubuntu-18.04]
+  test_edge:
+    name: Run tests for edge
+    runs-on: 	[ubuntu-22.04]
     env:
       CC_ANSIBLE_SITE: /opt/site-config
     defaults:
       run:
         shell: bash
     steps:
-      - name: Checkout code base
-        uses: actions/checkout@v2
-      - name: init site-config
-        run: "./cc-ansible init"
-        continue-on-error: true
-      - run: "./cc-ansible bootstrap-servers"
-      - run: "./cc-ansible prechecks"
-      - run: "./cc-ansible pull"
-      - run: "./cc-ansible genconfig"
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: run test script
+        run: tests/run.sh edge
diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml
deleted file mode 100644
index c8dd4024..00000000
--- a/.github/workflows/reviewdog.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: reviewdog
-on: [pull_request]
-jobs:
-  shellcheck:
-    name: check cc-ansible
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: shellcheck
-        uses: reviewdog/action-shellcheck@v1
-        with:
-          reporter: github-pr-review # Change reporter.
-          fail_on_error: true
-          filter_mode: file
-          path: "." # Optional.
-          pattern: "cc-ansible" # Optional.
-          exclude: "./.git/*" # Optional.
\ No newline at end of file
diff --git a/tests/edge/defaults.yml b/tests/edge/defaults.yml
new file mode 100644
index 00000000..ed31ad29
--- /dev/null
+++ b/tests/edge/defaults.yml
@@ -0,0 +1,96 @@
+---
+#################
+# CHI@Edge config
+#################
+
+# CHI@Edge does not enable volumes
+enable_cinder: false
+# We use docker registries instead of glance
+enable_glance: false
+# We don't use heat
+enable_heat: false
+# No ironic, as there are no baremetal nodes
+enable_ironic_ipxe: false
+enable_ironic: false
+# No nova, as we dont use baremetal or VMs here
+enable_nova_serialconsole_proxy: false
+enable_nova: false
+
+# enable doni for edge device management
+enable_doni: true
+# enable blazar, reserve devices
+enable_blazar: true
+blazar_enable_device_plugin_k8s: true
+# enable tunelo, tunnels to edge devices
+enable_tunelo: true
+enable_neutron_wireguard: true
+
+# enable zun, but use compute_k8s backend
+enable_zun: true
+enable_zun_compute: false
+enable_zun_compute_k8s: true
+
+# deploy a k3s server on control nodes
+enable_k3s: true
+
+doni_balena_fleet_mapping:
+  - 'raspberrypi3-64:chi-edge-workers'
+  - 'raspberrypi4-64:chi-edge-workers'
+  - 'raspberrypi5-64:chi-edge-workers'
+  - 'jetson-nano:chi-edge-workers'
+  - 'jetson-xavier-nx-emmc:chi-edge-workers'
+
+  
+k3s_port: 6443
+k3s_server_ip: "{{ api_interface_address }}"
+kubeconfig_path: /opt/site-config/node_custom_config
+k8s_worker_taint:
+    key: "worker-node"
+    value: "true"
+    effect: "NoSchedule"
+zun_tolerate_worker_taint: False
+doni_enable_worker_taint: False
+
+######################
+# Site specific config
+######################
+
+#k3s_server_ip: "129.114.34.130"
+#
+openstack_region_name: CHI@Edge
+chameleon_site_name: edge
+keystone_idp_client_id: keystone-edge-prod
+
+kolla_internal_vip_address: "10.20.111.11"
+kolla_external_vip_address: "129.114.34.129"
+kolla_external_fqdn: chi.edge.chameleoncloud.org
+keepalived_virtual_router_id: "72"
+
+
+# Letsencrypt
+# kolla_enable_tls_external: "yes"
+# kolla_externally_managed_cert: "yes"
+# enable_letsencrypt: yes
+letsencrypt_email: systems@chameleoncloud.org
+letsencrypt_domains:
+  - "{{ kolla_external_fqdn }}"
+
+# Neutron
+neutron_type_drivers: flat,vlan,vxlan,local
+neutron_tenant_network_types: local
+neutron_networks:
+  - name: public
+    bridge_name: br-ex
+    external_interface: neutron1
+    # This should be your public IP block assigned to your deployment.
+    cidr: 129.114.34.128/25
+    gateway_ip: 129.114.34.254
+
+# k3s_cluster_cidr: 192.168.64.0/18
+k3s_cluster_cidr: 100.64.64.0/18
+
+# overrides for CI
+
+enable_central_logging: false
+enable_prometheus: false
+enable_letsencrypt: false
diff --git a/tests/edge/host_vars.yml b/tests/edge/host_vars.yml
new file mode 100644
index 00000000..f4a4466e
--- /dev/null
+++ b/tests/edge/host_vars.yml
@@ -0,0 +1,7 @@
+---
+# Initial assumption is that this is also the deployment node,
+# therefore any provisioning can be done locally.
+ansible_connection: local
+
+network_interface: internal1
+kolla_external_vip_interface: external1
diff --git a/tests/edge/setup_ifaces.sh b/tests/edge/setup_ifaces.sh
new file mode 100755
index 00000000..076c51e6
--- /dev/null
+++ b/tests/edge/setup_ifaces.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# Function to create veth pair if it doesn't exist
+ensure_veth_up() {
+    local dev1=$1
+    local dev2=$2
+    
+    if ! ip link show "$dev1" &> /dev/null; then
+        sudo ip link add dev "$dev1" type veth peer "$dev2"
+    fi
+
+    sudo ip link set "$dev1" up
+    sudo ip link set "$dev2" up
+}
+
+
+ensure_veth_up external1 external2
+sudo ip addr replace 129.114.34.128/25 dev external1
+
+ensure_veth_up internal1 internal2
+sudo ip addr replace 10.20.111.128/25 dev internal1
+
+ensure_veth_up neutron1 neutron2
diff --git a/tests/run.sh b/tests/run.sh
new file mode 100755
index 00000000..d4094cd4
--- /dev/null
+++ b/tests/run.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# Function to run a stage with GitHub Actions grouping
+run_stage() {
+    local stage_name="$1"
+    shift
+    
+    if [ -n "${GITHUB_ACTIONS:-}" ]; then
+        echo "::group::$stage_name"
+    else
+        echo "=== $stage_name ==="
+    fi
+    
+    # Run the command and capture exit code
+    "$@"
+    local exit_code=$?
+    
+    if [ -n "${GITHUB_ACTIONS:-}" ]; then
+        echo "::endgroup::"
+        if [ $exit_code -ne 0 ]; then
+            echo "::error::$stage_name failed"
+        fi
+    fi
+    
+    return $exit_code
+}
+
+copy_configs() {
+    cp "./tests/${configdir}/defaults.yml" /opt/site-config/defaults.yml \
+    && cp "./tests/${configdir}/host_vars.yml" "/opt/site-config/inventory/host_vars/$HOSTNAME"
+}
+
+configdir="${1}"
+
+# set hostname to keep rabbit happy
+sudo hostnamectl set-hostname "ciablocal"
+
+run_stage "Install dependencies" ./cc-ansible install_deps
+
+run_stage "Initialize site-config" ./cc-ansible init --site-config /opt/site-config || true
+
+run_stage "Setup network interfaces" "./tests/${configdir}/setup_ifaces.sh"
+
+run_stage "Copy configuration files" copy_configs
+
+run_stage "Bootstrap servers" ./cc-ansible bootstrap-servers
+
+run_stage "Deploy services" ./cc-ansible deploy
+
+# run_stage "Post-deploy" ./cc-ansible post-deploy
+
+# run_stage "Run tests" ./cc-ansible run-tests
+
+echo "All stages completed successfully!"

From a98240b978510467dbcdc468993816c72977b482 Mon Sep 17 00:00:00 2001
From: Michael Sherman <shermanm@uchicago.edu>
Date: Mon, 17 Nov 2025 19:44:12 +0000
Subject: [PATCH 2/3] bump KA with basepath fix

---
 src/kolla-ansible | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/kolla-ansible b/src/kolla-ansible
index 568df787..05203a70 160000
--- a/src/kolla-ansible
+++ b/src/kolla-ansible
@@ -1 +1 @@
-Subproject commit 568df787eeba52116c081ba575c60152242d7135
+Subproject commit 05203a70c062c6ced10e05ada427707964d95f90

From cb95464c17bde5a2622d2153034c723043842df8 Mon Sep 17 00:00:00 2001
From: Michael Sherman <shermanm@uchicago.edu>
Date: Mon, 17 Nov 2025 19:51:30 +0000
Subject: [PATCH 3/3] always install yq during install_deps

previously, we would skip updating yq if it was found in the path
however, if already present in the system, installation to the venv
would be skipped. Instead, always update it.
---
 cc-ansible | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/cc-ansible b/cc-ansible
index ff99bddf..8733c80c 100755
--- a/cc-ansible
+++ b/cc-ansible
@@ -88,11 +88,9 @@ install_deps() {
 
   # Update/install yq, adding it to the venv bin path
   YQ_VERSION=4.9.6
-  if [[ "$(type -t yq)" != "file" ]]; then
-    YQ_BINARY="yq_linux_amd64"
-    wget https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/${YQ_BINARY}.tar.gz -O - \
-      | tar xz && mv ${YQ_BINARY} "$VIRTUALENV/bin/yq"
-  fi
+  YQ_BINARY="yq_linux_amd64"
+  wget https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/${YQ_BINARY}.tar.gz -O - \
+    | tar xz && mv ${YQ_BINARY} "$VIRTUALENV/bin/yq"
 
   # install kolla-ansible galaxy deps. We use a subshell to drop back out of the venv afterwards
   (source "${VIRTUALENV}/bin/activate" && kolla-ansible install-deps)