Stop cloning osism/testbed during deployment

Makefile

@@ -114,9 +114,7 @@ bootstrap: setup create ## Bootstrap everything.
 	  -i ansible/localhost_inventory.yaml \
 	  -e ansible_galaxy=ansible-galaxy \
 	  -e ansible_playbook=ansible-playbook \
-	  -e basepath="$(PWD)" \
 	  -e testbed_cloud=$(CLOUD) \
-	  -e repo_path="$(PWD)/.src/$$(contrib/setup-testbed.py --query "repository_server")" \
 	  -e manual_create=true \
 	  -e manual_deploy=true \
 	  -e ceph_version=$$RESOLVED_CEPH \

ansible/manager-part-1.yml

@@ -5,7 +5,6 @@
   vars:
     ansible_ssh_user: dragon
     operator_user: dragon
-    repo: osism/testbed
     manager_version: latest
 
     venv_path: /opt/venv
@@ -26,20 +25,6 @@
       ansible.builtin.import_role:
         name: osism.commons.repository
 
-    - name: Get home directory of ansible user
-      ansible.builtin.shell: |
-        set -o pipefail
-        getent passwd {{ ansible_user }} | cut -d: -f6
-      args:
-        executable: /bin/bash
-      changed_when: false
-      register: result_home
-
-    - name: Set repo_path fact
-      ansible.builtin.set_fact:
-        repo_path: "{{ result_home.stdout }}/src/github.com"
-      when: repo_path is not defined
-
     - name: Copy SSH public key
       ansible.builtin.copy:
         content: "{{ lookup('file', '.id_rsa.' + cloud + '.pub') }}\n"
@@ -63,13 +48,44 @@
         mode: '0755'
         owner: "{{ operator_user }}"
 
-    - name: Copy testbed repo
-      become: true
-      become_user: dragon
-      ansible.posix.synchronize:
-        src: "{{ repo_path }}/{{ repo }}/"
-        delete: true
-        dest: /opt/configuration
+    - name: Sync testbed checkout to /opt/configuration via ephemeral worktree  # noqa: osism-fqcn
+      block:
+        - name: Create temp dir for ephemeral worktree
+          ansible.builtin.tempfile:
+            state: directory
+            prefix: testbed-sync-
+          delegate_to: localhost
+          run_once: true
+          register: _worktree_tmp
+          changed_when: false
+
+        - name: Add ephemeral worktree at HEAD  # noqa: command-instead-of-module
+          ansible.builtin.command:
+            cmd: git worktree add --detach {{ _worktree_tmp.path }} HEAD
+            chdir: "{{ basepath }}"
+          delegate_to: localhost
+          run_once: true
+          changed_when: false
+
+        - name: Copy worktree to /opt/configuration
+          become: true
+          become_user: dragon
+          ansible.posix.synchronize:
+            src: "{{ _worktree_tmp.path }}/"
+            delete: true
+            dest: /opt/configuration
+            rsync_opts:
+              - "--exclude=/.git"
+      always:
+        - name: Remove ephemeral worktree  # noqa: command-instead-of-module
+          ansible.builtin.command:
+            cmd: git worktree remove --force {{ _worktree_tmp.path }}
+            chdir: "{{ basepath }}"
+          delegate_to: localhost
+          run_once: true
+          changed_when: false
+          failed_when: false
+          when: _worktree_tmp is defined and _worktree_tmp.path is defined
 
     - name: Install python requirements in venv
       ansible.builtin.pip:

playbooks/cleanup.yml

@@ -6,8 +6,9 @@
     - vars/mappings.yml
     - vars/repositories.yml
 
-  vars:
-    basepath: "{{ ansible_user_dir }}/src/{{ repositories['testbed']['path'] }}"
+  pre_tasks:
+    - name: Resolve and verify basepath
+      ansible.builtin.import_tasks: tasks/_basepath.yml
 
   tasks:
     - name: Set cloud fact (Zuul deployment)

playbooks/deploy.yml

@@ -10,9 +10,11 @@
     ansible_galaxy: ~/venv/bin/ansible-galaxy
     ansible_path: "{{ basepath }}/ansible"
     ansible_playbook: ~/venv/bin/ansible-playbook
-    basepath: "{{ ansible_user_dir }}/src/{{ repositories['testbed']['path'] }}"
     manager_address_file: "{{ terraform_path }}/.MANAGER_ADDRESS.{{ cloud }}"
-    repo_path: "{{ ansible_user_dir }}/src/{{ repository_server }}"
+    repo_path: >-
+      {{ (ansible_user_dir ~ '/src/' ~ repository_server)
+         if zuul is defined
+         else (basepath ~ '/.src/' ~ repository_server) }}
 
     manual_create: false
     manual_deploy: false
@@ -35,6 +37,10 @@
 
     _terraform_environment: "{{ terraform_environment | default('ci-ubuntu-24.04') }}"
 
+  pre_tasks:
+    - name: Resolve and verify basepath
+      ansible.builtin.import_tasks: tasks/_basepath.yml
+
   tasks:
     - name: Print used ceph version
       ansible.builtin.debug:
@@ -197,6 +203,7 @@
             -e cloud={{ cloud }} \
             -e terraform_environment={{ _terraform_environment }} \
             -e repo_path={{ repo_path }} \
+            -e basepath={{ basepath | quote }} \
             -e manager_version={{ _manager_version }} \
             {{ ('-e testbed_src=' + testbed_src) if testbed_src is defined and testbed_src else '' }} \
             manager-part-1.yml | tee -a ansible-manager-part-1.log

playbooks/post.yml

@@ -15,8 +15,9 @@
     - vars/mappings.yml
     - vars/repositories.yml
 
-  vars:
-    basepath: "{{ ansible_user_dir }}/src/{{ repositories['testbed']['path'] }}"
+  pre_tasks:
+    - name: Resolve and verify basepath
+      ansible.builtin.import_tasks: tasks/_basepath.yml
 
   tasks:
     - name: Set cloud fact (Zuul deployment)

playbooks/pre.yml

@@ -7,14 +7,17 @@
     - vars/repositories.yml
 
   vars:
-    basepath: "{{ ansible_user_dir }}/src/{{ repositories['testbed']['path'] }}"
     terraformbase_path: "{{ ansible_user_dir }}/src/{{ repositories['terraform-base']['path'] }}"
     terraform_path: "{{ basepath }}/terraform"
     opentofu_version: v1.11.5  # renovate: datasource=github-releases depName=opentofu/opentofu
     opentofu_download_url: "https://github.com/opentofu/opentofu/releases/download/{{ opentofu_version }}/tofu_{{ opentofu_version[1:] }}_linux_amd64.zip"
     wireproxy_version: v1.1.2  # renovate: datasource=github-releases depName=pufferffish/wireproxy
     wireproxy_download_url: "https://github.com/pufferffish/wireproxy/releases/download/{{ wireproxy_version }}/wireproxy_linux_amd64.tar.gz"
 
+  pre_tasks:
+    - name: Resolve and verify basepath
+      ansible.builtin.import_tasks: tasks/_basepath.yml
+
   tasks:
     - name: Set cloud fact (Zuul deployment)
       ansible.builtin.set_fact:

playbooks/tasks/_basepath.yml

@@ -0,0 +1,24 @@
+---
+- name: Resolve testbed checkout root (basepath)
+  ansible.builtin.set_fact:
+    basepath: >-
+      {{ (ansible_user_dir ~ '/' ~ zuul.project.src_dir)
+         if zuul is defined
+         else lookup('pipe', 'git -C ' ~ (playbook_dir | quote) ~ ' rev-parse --show-toplevel') }}
+  # set_fact is stored where basepath is consumed (orchestrator node under
+  # Zuul, localhost locally) - no delegate_to/run_once. The git rev-parse
+  # lookup('pipe', ...) itself always runs on the controller, so the local
+  # branch is only correct when controller == target (true for local runs);
+  # under Zuul the zuul branch is taken and the lookup is never evaluated.
+
+- name: Verify basepath looks like a testbed checkout
+  ansible.builtin.stat:
+    path: "{{ basepath }}/ansible/manager-part-1.yml"
+  register: _basepath_check
+
+- name: Fail if basepath does not look like a testbed checkout
+  ansible.builtin.fail:
+    msg: |
+      basepath ({{ basepath }}) does not contain ansible/manager-part-1.yml.
+      Expected the testbed checkout root.
+  when: not _basepath_check.stat.exists

playbooks/update-stable.yml

@@ -12,7 +12,6 @@
     - vars/repositories.yml
 
   vars:
-    basepath: "{{ ansible_user_dir }}/src/{{ repositories['testbed']['path'] }}"
     terraform_path: "{{ basepath }}/terraform"
     manager_address_file: "{{ terraform_path }}/.MANAGER_ADDRESS.{{ cloud }}"
 
@@ -25,6 +24,10 @@
     _manager_version_next: "{{ manager_version_next | default('latest') }}"
     _openstack_version_next: "{{ openstack_version_next | default('2025.1') }}"
 
+  pre_tasks:
+    - name: Resolve and verify basepath
+      ansible.builtin.import_tasks: tasks/_basepath.yml
+
   tasks:
     - name: Print next ceph version
       ansible.builtin.debug:

playbooks/upgrade-stable.yml

@@ -12,7 +12,6 @@
     - vars/repositories.yml
 
   vars:
-    basepath: "{{ ansible_user_dir }}/src/{{ repositories['testbed']['path'] }}"
     terraform_path: "{{ basepath }}/terraform"
     manager_address_file: "{{ terraform_path }}/.MANAGER_ADDRESS.{{ cloud }}"
 
@@ -23,6 +22,10 @@
     _ceph_version_next: "{{ ceph_version_next | default('reef') }}"
     _openstack_version_next: "{{ openstack_version_next | default('2024.2') }}"
 
+  pre_tasks:
+    - name: Resolve and verify basepath
+      ansible.builtin.import_tasks: tasks/_basepath.yml
+
   tasks:
     - name: Print next ceph version
       ansible.builtin.debug:

playbooks/upgrade.yml

@@ -14,7 +14,6 @@
     - vars/repositories.yml
 
   vars:
-    basepath: "{{ ansible_user_dir }}/src/{{ repositories['testbed']['path'] }}"
     terraform_path: "{{ basepath }}/terraform"
     manager_address_file: "{{ terraform_path }}/.MANAGER_ADDRESS.{{ cloud }}"
 
@@ -27,6 +26,10 @@
     _manager_version_next: "{{ manager_version_next | default('latest') }}"
     _openstack_version_next: "{{ openstack_version_next | default('2025.1') }}"
 
+  pre_tasks:
+    - name: Resolve and verify basepath
+      ansible.builtin.import_tasks: tasks/_basepath.yml
+
   tasks:
     - name: Print next ceph version
       ansible.builtin.debug:

playbooks/vars/repositories.yml

@@ -13,7 +13,3 @@ repositories:
     path: github.com/osism/terraform-base
     repo: https://github.com/osism/terraform-base
     branch: main
-  testbed:
-    path: github.com/osism/testbed
-    repo: https://github.com/osism/testbed
-    branch: main