It's dangerous to allow a regular user to write into the source code of
the services. The repositories are still writable, so that the
development workflow can still use the ``--develop`` flag to make
modifications.
While here, remove the horribly outdated and broken ANSIBLE_INSTALL_ROOT.
Change-Id: Id2e25dd57668d24a11dc2cd16eea2b607b7a3f16
We don't upgrade ansible in the upgrade jobs because the requirement is
already satisfied according to pip.
Although, we should upgrade ansible as it may differ between releases.
Also perform a clean install if ansible is already present to avoid
conflicts.
Change-Id: I3cb1059408ef069001cde91474c68768315ff784
No code changes required, but the linters job needed fixing since now
it tries to automagically load the collections in playbooks/collections
and fails with "relative resource paths not supported".
Change-Id: Ifa99a4bccc52f095c057a082fbe3d15a1633de9f
For upgrades we need bifrost-cli to always try to setup environment
(e.g. in case of a different ansible version). To avoid polluting
the output, make `set -x` conditional on a new variable BIFROST_TRACE.
Change-Id: I8caea6be0962db0e7019d0aa1484ef2424b7629e
Consolidate variables in env-setup, use double-brackets when needed
to improve readability and portability.
Use the id command to set correct user and group for ansible install
directory.
Change-Id: I14b763890b670e3843c47cdccfb8d572917650ca
Bifrost requires Ansible Collections for certain tasks including
enrollment of nodes. In order for bifrost playbooks to be able to
utilise Ansible Collections, a symlink or an environment variable
needs to point to their install path. This change adds creation of
the symlink to the setup script and a corresponding documentation
update.
Change-Id: I07804a88ed11b0adb6c398743905725c6cdb90d4
- add ansible-collection-requirements.yml so we
can specify the collections we need.
- Changed env-setup to install collections unsing
ansible-galaxy.
- Moved taks "Dynamic enrollment" to use the openstack.cloud
collection
Change-Id: I1cf21a505b923f333b6853944965593170cbe8cd
Updating pip was required long ago to work around Ubuntu and CentOS 7
problems. Now even CentOS 8 has pip 9.0 which should be enough for us.
Also moving binary dependencies to bindep and install them before
we try to install Python dependencies (to be able to compile them).
Workarounds is needed for segfault on Ubuntu because of cryptography:
remove python3-cryptography package and avoid --ignore-installed.
This change makes install-deps work on openSUSE again.
Change-Id: Ib9b81075f35068c046880de46b20f98ef71a8d8e
Remove the outdated ansible-pip-str.py and rely directly on
ANSIBLE_PIP_VERSION to set the installed version of ansible.
Change-Id: I105b85595cfea101bdb747113721536f4a3ef93a
Ansible 2.6 is EOL, we should move to a more recent release that
has better support for Python 3.x and, above all, is maintained
with security and critical bug fixes.
Change-Id: I6aa80b4bc4a0c34ac919951cd940b2fc6b736bdc
Our ansible installation changed quite some time ago,
and it is time to go ahead and remove the outdated reference.
Change-Id: I43c65b742616835662cf5bc3b87a22aa42b79185
Reworked the pip install logic so that we run the pypi
pip installer instead of trying to navigate through running
a pip install and upgrade with setuptools additionally.
These steps were orginally only done in order to force
us to a pip version >= 9.0.1, which is now the default
for Ubuntu Bionic.
Change-Id: Ic3a95973338bbd03061d5b3e4080c0d72d6b891a
- on Ubuntu Xenial, `python-virtualenv` package no longer installs
`virtualenv` shell script.
Change all `virtualenv` invocations to 'python -m virtualenv',
which is more portable.
- in `pip_install.yml`, add `virtualenv_command` argument using
the same portable invocation.
- in `install-deps.sh`, the condition to install `python-virtualenv`
was missing the `not` part
- the venv is created with `sudo` elevation in `install-deps.sh`,
thus in `env-setup.sh` Ansible must be installed into venv
using `sudo` elevation as well.
- in `install.yml`, fix passing `bifrost_venv_dir` var to `pip_install.yml`
Change-Id: Ifaa54a0dc97ed59ca8360e62878b603a04105e46
Instaling and using Ansible from source for bifrost has several
drawbacks, mainly due to how Ansible's 'ansible/hacking/env-setup'
script mangles with PATH and PYTHONPATH, which complicates running it as
part of other scripts. Besides, cloning the whole repo and it's
submodules is somewhat longer.
The main reason why we were doing that at all was a necessity to install
some additional Ansible modules from newer Ansible versions, which we
dropped right into the source of Ansible code - but this does not have to
be so.
Luckily for us, all Ansible versions we target to support can load
modules from 'library' directory next to playbooks/roles,
and we already use that for 'os_ironic_facts' module.
The need to install a particular module can be assessed by running
ad-hoc 'ansible' command against localhost with the module in question
and without any arguments ('ansible localhost -m <module>'):
- if the module is available in Ansible, the stderr will contain
"changed" substring (as part of the standard module output)
- if the module is absent form Ansible, "changed" string will be absent
from stderr too, in which case we can download the module from github
directly into 'playbooks/library' directory.
This patch removes possibility of installing Ansible from source, and
always installs a released Ansible version via pip.
If not installed into venv, Ansible will be installed in user's ~/.local
directory via 'pip install --user'.
The missing but needed modules are downloaded as described above.
Some level of backward compatibility is provided:
- when the ANSIBLE_GIT_BRANCH has form of 'stable-X.Y', the
env-setup.sh script will do the next best thing and install latest
available Ansible version of X.Y.w.z
Also, ANSIBLE_PIP_VERSION can now accept a full pip version specifier:
- if ANSIBLE_PIP_VERSION starts with a digit, this exact version will be
installed (as 'ansible==X.Y.W.Z')
- otherwize this whole variable is assigned as Ansible version specifier
for pip, e.g
env ANSIBLE_PIP_VERSION="<2.2" env-setup.sh
will result in pip being called as
pip install -U "ansible<2.2"
Closes-Bug: #1663562
Change-Id: I2c9f47abbbb6740d03978f684ad2c876749655b7
As of Ansible v2.2 all the missing modules bifrost requires are included
in the pip-installable Ansible package.
Let's allow then for a possiibility for bifrost to install Ansible
directly from PyPI (into the system or in virtualenv) instead
of from cloned source repo.
This patsh first extracts the installation of binary/Python dependencies
and installation of Ansible itself from the "env-setup.sh" script to two
separate scripts "install-deps.sh" and "install-ansible-source.sh".
It also adds a third script "install-ansible-pip.sh" that is called when
environment variable ANSIBLE_FROM_PYPI is set to "True"
(default is "False" for backward compatibility).
It then looks up ANSIBLE_PIP_VERSION env variable (defaults to "2.2")
and pip-installs Ansible of that given version strictly.
Change-Id: Ia72e06d7bf127569d423fa521b8ddab87453809e
In order to support use of keystone, bifrost needs to be able to
install keystone in a minimalistic fashion alongside of ironic.
This commit adds the role, and required changes for that
configuration to be bootstrapped.
Change-Id: Icb1c5dfded5574d901444bbca72e5d74a336093f
Updated the version to be installed to stable-2.1 as well
as updated some of the playbooks that were incorrectly
passing string arguments instead of dictionary arguments
for authentication since Ansible 2.1 has checks that
detect this.
Additionally, updated the task labels used for unsetting
authentiction parameters to be more consistent with the
state of the code.
Change-Id: I8c50cd2a722f2c8fee91fb6ef0761969dd3da138
env-setup.sh got kind of unwieldy and out of sync
with itself. Refactor so we have relatively consistent
package lists, installation checks, etc. for each OS family.
This should be easier to maintain than what we have now
as it's easier to see where additional requirements should
be added.
Change-Id: I8a620a177efd8303bf30ebeb0f6a719a49eedf07
Closes-Bug: #1583803
A couple of playbooks use the 'netstat' utility which is present
in the net-tools package so install it if it's not already present.
It fixes the following problem on a clean CentOS installation:
fatal: [127.0.0.1]: FAILED! => {"changed": true, "cmd": "netstat -apn|grep
LISTEN", "delta": "0:00:00.005074", "end": "2016-08-24 17:14:48.614240",
"failed": true, "invocation": {"module_args": {"_raw_params": "netstat
-apn|grep LISTEN", "_uses_shell": true, "chdir": null, "creates": null,
"executable": null, "removes": null, "warn": true}, "module_name": "command"},
"rc": 1, "start": "2016-08-24 17:14:48.609166", "stderr": "/bin/sh: netstat:
command not found", "stdout": "", "stdout_lines": [], "warnings": []}
Change-Id: I1310f5848c7e71e8bdb91f6fcfaa26ebeeac45e7
Signed-off-by: Markos Chandras <mchandras@suse.de>
Bug https://github.com/ansible/ansible-modules-core/issues/2804 is
reported fixed since January 2016 so restore the Ansible branch to
stable-2.0 to get all the latest fixes.
Change-Id: Ibae26a4378713656e2480f3d4b73e670e5503ae8
Signed-off-by: Markos Chandras <mchandras@suse.de>
Add support for SUSE's zypper package manager in the env-setup.sh
script for deploying Ansible and bifrost's dependencies.
Change-Id: I14a23fe18ac18ee0c06a173015706769b69c5220
Signed-off-by: Markos Chandras <mchandras@suse.de>
This change helps with the remote problem where ansible is installed
on a machine using the same script by User A and User B is also
trying to use ansible using the same method. The change lets each
user have his own copy of ansible installed in a directory of
his/her choosing.
Change-Id: I8fddaaa8cad291da840ac44c4b1e9a7a93f92aee
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
Partial-Bug: #1589672
Install required development packages for openssl and ffi support using
the yum package manager. This should be applied as a complement of the
patch proposed at https://review.openstack.org/#/c/318943/ which handles
the apt package manager.
Partial-Bug: 1583539
Change-Id: I987237d7e0b247875d7351bd79d387dcb98968a7
On official ubuntu docker images, those libs are not
installed by default and are needed to compile the
python crypto modules.
Change-Id: If73529d2c1f3702ec55ea5520510eaef5016c1ba
The inspection module has been submitted for inclusion in ansible,
and as such a duplicate is no longer required. Removing duplicate
and adding call to retreieve the module if missing.
Change-Id: Ib4b395bee5ae80c4cafc9628710b536db895d952
Riccardo Pittau