Commit Graph

35 Commits

Author SHA1 Message Date
Jonathan Rosser 6b062d1de3 Add pki role to local a-r-r
Change-Id: Ic2efb5c510d07ed96e0ae9b867abf61745340088
2021-07-05 10:32:37 +01:00
Jonathan Rosser df9a63ea98 Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7  are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible

Change-Id: I79f68c467d48b9b50143fd3a11e176f91804e805
2021-03-18 17:01:48 +00:00
Jonathan Rosser 6de26d8519 Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: If64c72dc2ffbf87459b4729b9c03928efbf5177c
2021-03-04 14:24:37 +00:00
Jonathan Rosser 1e8055c5bf Remove support for openSUSE
OpenStack-Ansible no longer supports openSUSE so we can simplify this
ansible role.

Change-Id: I4c53307d0d4f7a72010b878953f34ba0c8784922
2021-02-17 17:31:23 +00:00
Jonathan Rosser 01eecae8d3 Fix linter errors
Change-Id: Ifed6a818868943c19bbdb3620582c2f2aca3b937
2020-10-02 10:40:16 +01:00
Andreas Jaeger 57672cbdf5 Cleanup py27 support
This repo is now testing only with Python 3, so let's make
a few cleanups:
- Remove setup.* files, these are not needed for this repo
- Cleanup */source/conf.py to remove now obsolete content.
- Remove install_command from tox.ini, the default is fine,
  move constraints into deps, cleanup a bit
- Enable warnings for docs building
- Correct ansible search/match tests for ansible 2.9

Depends-On: https://review.opendev.org/726645
Change-Id: Ia5aaa8f41172fe200d1d7ce0c7b6f26f7834e38a
2020-05-10 17:38:52 +00:00
melissaml a02e4a9a51 Replace git.openstack.org URLs with opendev.org URLs
Change-Id: I26e544c0d2a9eb740174a1d4c486b2fb583461dd
2019-05-06 20:06:29 +08:00
Jonathan Rosser e84dfc7ec8 Allow user-defined extra distro packages
This change allows the deployer to specify lists of distro packages
which will be installed in addition to those specified by this role.

Change-Id: I35ac3be4ec61c432492871de80f6d7f29cca828d
2018-08-15 15:44:43 +01:00
Mohammed Naser 1d7fe1e10c redhat: Add the EPEL repository for aria2 and python2-lxc packages
The ARIA2 package is needed from EPEL so we install it inside
the role. Moreover, in order to minimize the potential EPEL vs RDO
package conflicts, we only allow a small subset of packages from the
EPEL repository. This also removes the 'debootstrap' package from
CentOS since it's not needed. Finally, we include the nodepool playbook
from the tests repository in order to populate the necessary CI facts.

Depends-On: https://review.openstack.org/#/c/574801/
Depends-On: https://review.openstack.org/#/c/575059/
Change-Id: Icd4d09a26cd95ecfefec26142723ddffe81aae74
Co-Authored-By: Markos Chandras <mchandras@suse.de>
2018-06-13 13:26:48 +01:00
fpxie cf847ca8da Trivial: Fix the pep8 warning
The yaml should start with "---"

Change-Id: Idc217ee0d4409360c0763779acadf21d39206ff7
2018-05-08 17:34:53 +08:00
Jesse Pretorius 0b4558baeb Remove tests-repo-clone.sh
Now that run_tests.sh handles the tests repo clone, we can
remove the use of the older tests-repo-clone.sh script.

Change-Id: I2da0609609e8f70671b0499f0a5911746985c917
2018-03-28 10:11:44 +01:00
Kevin Carter 7e98da3d0f Convert lxc_hosts role to use simple download URL
For a very long time we've been parsing and using the lxc images as
provided by upstream lxc. While these images are functional there are by
no means optimal. In general they're quite a bit larger than they need
to be and contian a lot of little sharp edges that have cut us over
the years. This change removes all of the lxc image cache parsing and
meta-data linking and simply downloads the rootfs a given url. To
maintain compatibility with the legacy images a script has been created
to parse the image index and return the legacy image url.

The result of this change:

* Access to smaller more optimal base image which is well known by the
  corresponding communities.

* Deployers now have the ability to set and forget the download url for an
  internal image instead of having to create a cache infrastructure
  compatible with the lxc download template.

* Any rootfs tarball will work as an image.

* Fewer tasks are executed and less memory is consumed resulting in faster
  deployment times.

* The base cache has a uniform meta-data setup giving all container
  types the same access to config, devices, and templating.

Change-Id: I1775e775bbb7fe86bdffdd8296c2cff5ebc5bac8
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-03-21 23:52:53 +00:00
OpenStack Proposal Bot 9cf9f23021 Updated from OpenStack Ansible Tests
Change-Id: I2924e5270c2f549eab0b4bb9e9be1e98689c7020
2018-02-14 20:04:11 +00:00
Markos Chandras 8a1845c7af tests: test.yml: Use the 'slurp' module to get the SSH key
The lookup() module no longer works with Ansible 2.4 for fetching the
root's SSH key as it fails with the following error:

fatal: [localhost]: FAILED! => {
    "msg": "An unhandled exception occurred while running the lookup
plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>,
original message: could not locate file in lookup: ~/.ssh/id_rsa.pub"
}

Lets use the 'slurp' module which should work as expected.

Change-Id: If2127c8d4aacb37344f5c2435264aaa0669da618
2018-01-16 12:53:32 +00:00
Jesse Pretorius 0d28eeab56 Fix ansible-lint errors
With the merge of https://review.openstack.org/520177 in the
tests repo some ansible-lint failures which previously were
not being picked up are now detected.

This corrects them.

Change-Id: I3d762e1a2df0a39e2f9082d6c8650706b05b2236
2017-11-19 10:02:01 +00:00
Jesse Pretorius 28a62e408e Initial OSA zuul v3 role jobs
This patch implements an initial set of jobs intended to match
the current job execution method. It does not intend to improve
how the jobs are executed - only to replicate what is currently
in openstack-infra/openstack-zuul-jobs and provide the platform
to iterate on.

Change-Id: I53dfb4f5c24c523d77f9f293d47b7b882aa77bf1
2017-10-17 17:59:49 +01:00
OpenStack Proposal Bot 3db1db689a Updated from OpenStack Ansible Tests
Change-Id: I086511dc130415bc52a3b6c364bf15b421bccb3d
2017-10-13 14:47:46 +00:00
Major Hayden de1b45553e Download LXC image with async via aria2
This patch adds an async task to download the LXC image using aria2
with retries and read timeouts.

Closes-Bug: 1709329
Change-Id: Ib9ec6195dcb7e0e4b18b8526f030e6738f9953e8
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2017-08-15 12:34:26 +00:00
Jesse Pretorius 93c2d32d0c Correct lxc_image_cache_server value
The variable lxc_image_cache_server is shared between
the lxc_container_create role and the lxc_hosts role
in order to make it simpler to override the same value.

The value needs to be a DNS entry, not a URL. This patch
implements a new variable to allow the protocol used to
fetch the images to be set so that the value for
lxc_image_cache_server is uniform between the two roles.

The patch also overrides the value when in nodepool to
the DNS name + path so that the reverse proxy may be
used to improve test success inside nodepool. This is
needed due to poor networking performance when accessing
external sources.

Change-Id: Ia6b149f157e5697d36fdea3dc65cb2ac4815a1a4
2017-08-10 10:54:43 +01:00
Markos Chandras d12a72b81f Work around bad DNS resolution
OpenStack-Infra DNS resolution of images.linuxcontainers.org is failing
very often. This works around it by adding the appropriate entries into
/etc/hosts on the host.

Change-Id: I55a06c1903c4435db6d820e6919daa5f10362031
2017-07-03 22:44:59 +01:00
OpenStack Proposal Bot f089f74c29 Updated from OpenStack Ansible Tests
Change-Id: I53dc7a80a1622b0baabc95dfcc8ba7ae92d9b3d4
2017-06-22 15:19:02 +00:00
Jesse Pretorius 578b1f7dd9 Use zuul-cloner for tests repo in OpenStack-CI
When executing the tests repo clone in OpenStack-CI,
use zuul-cloner instead of git to enable cross-repo
testing. This ensures that if a dependent patch from
the tests repo is noted using 'Depends-On: <change-id>'
in the commit message, that patch will be included.

Change-Id: I87314f8c46554a9b6856078bda61c4775e20243b
Depends-On: Idce7abebf32f24c356a27e099fbca954d917402b
2017-05-04 16:49:39 +01:00
Markos Chandras 09406de86b Add SUSE support
Add support for SUSE based distributions. We also update the bindep.txt,
run_tests.sh and Vagrantfile files from the openstack-ansible-tests
repository except that we use Leap 42.1 because Leap 42.2 does not work
as expected with the currently released bindep (2.3.0).

Change-Id: I5fb94a7cedf9d28816184e3eadd88e42f93295c2
2017-04-25 14:56:33 +01:00
Markos Chandras 23df8f219b Fix role gate tests for Ansible 2.3
'ansible_become' defined as a host_var or in the inventory for a host
has a higher precedence than 'become' defined within a playbook.

In change Id5b76a87809f03951c954fc3d752419a673403f7, 'become' was
defined explicitly for each play running against localhost so
'ansible_become' should be removed from its host_vars.

Change-Id: Ieb55a10e8148b0eb122caccf92702d24ff1a1d0b
Cc: Jimmy McCrory <jimmy.mccrory@gmail.com>
2017-04-25 14:54:56 +01:00
Jesse Pretorius 9af76a5f42 Use centralised test scripts
This patch consumes the test scripts implemented by
https://review.openstack.org/375061 to ensure that
the tests and test preparation is consistent and
more maintainable.

Change-Id: I8ad59bdb2dab0e79bc73d7e4cdb63ef49cbdddba
2016-09-27 16:47:07 +01:00
Jesse Pretorius aca3d5e01d Make the LXC cache prep use the host package source config
Currently the container cache preparation process uses a pre-prepared
LXC base image which includes its own package repository configuration.

This presents a few problems:
- The first packages installed will make use of the base image's
  package repo configuration, resulting in a bypass of local mirrors
  to install the first set of packages.
- A set of vars need to be set in order to have the containers use a
  local mirror, otherwise it'll use the mirrors set in the role's vars
  files. This is counterintuitive.

Another problem introduced by I95c210c83ca968d11ba6f6a36b634bb798fa291f
as a result of the package repository vars moving from the role defaults
to the vars files is that the precedence has changed. The change in
precedence means that a task which sets a fact can't be used to override
the defaults set in the vars file. This method is used in all the role
tests to ensure that the OpenStack-CI repositories can be discovered from
the host and then used.

This patch changes the image cache preparation process to ensure that
the container package repository configuration matches the host
configuration. This is simpler and more intuitive.

Additionally the copy task from the deployment host into the container
cache is set to assume the same destination in the container as the
source (to reduce configuration verbosity), appropriately sets the
leading '0' for the mode (to prevent unexpected surprises), and
appropriately quotes the variable (to ensure forward compatibility
with Ansible 2.0).

Finally, the use of lxc_container_caches in the test configuration
has been removed as it is no longer used.

Change-Id: I420382fd3bbbb5fcae90ae0c6160233202a1a51a
2016-05-18 18:14:17 +01:00
Kevin Carter f5542103b3
Changed for lxc-host setup/build for multi-distro
This change updates the lxc-host setup role to build the lxc cache using the
download template based on default images found here:[0]. These images are
upsteam builds from the greater LXC/D community.

This update adds support for Ubuntu 14.04, 16.04 and RHEL/CentOS 7 container
types and the cache will be generated from the host Operating system.

[0] - https://images.linuxcontainers.org/

Change-Id: Ie13be2322d28178760481c59805101d6aeef4f36
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-05-03 08:49:54 -05:00
Jesse Pretorius 587f4e85a0 Allow a list of files to be copied into the container cache
In order to better make use of OpenStack-CI's resources (apt mirrors, etc)
we need to be able to copy configuration files which have been implemented
on the host image into the containers.

This patch provides a facility to do this in a way that provides a new
facility for deployers to use, doesn't affect existing production
environments and is easy for us to consume in gate testing.

A new variable called 'lxc_container_cache_files' is implemented, which
is a list of dictionaries specifying the location of the file on the
deployment system, where to put it in the container cache, and what
attributes to assign the file.

An example of how to use it is included in the role's defaults as a comment.

Change-Id: Ia76b3a791239a07db1cb93636b7d1e23a6a6851c
2016-03-08 13:44:17 +00:00
Jimmy McCrory ad8908a153 Reorder lxc networking tasks
Drop the lxc bridge interface configuration file before checking for,
and bringing up, the lxc bridge interface. Also, put the
lxc-net.override file in place prior to lxc being installed. Without
this file, the lxcbr0 bridge will automatically be created and assigned
an address when the lxc service is started.

Tests has been added and updated to ensure that the lxc bridge interface
configuration file looks as expected and the bridge interface itself
has the expected IP address when overriding the role's default
lxc_net_address variable.

Change-Id: Ie135adf0e458bd964c2d43a645d65907c0a6eac6
2016-03-05 23:05:45 -08:00
Jimmy McCrory 158d035b92 Make corrections to LXC bridge template file
This change adjusts a few of the modifications made to the
lxc-net-bridge.cfg.j2 template file in change
I3c8225124a5f18db81259e1d52d0168ef52c3c17.

The minus signs have been removed from if and endif blocks so that
whitespace is kept intact between sections. The ordering of post-up and
post-down commands has also been changed so that iptables rules are
created before the dnsmasq service is started, as they were previously.

The default value of lxc_net_gateway has also been changed to null so
that it's evaluated as expected. Its current value, none, is evaluated
as a string.

A test has been added to compare the contents of the deployed lxc bridge
interface file with its expected contents.

Change-Id: I39d7b3f40de6ac691550c11d71bb6a182b3452f4
2016-03-05 11:41:31 -08:00
Jean-Philippe Evrard 32b5e89325 Only update apt cache if necessary
Workarounding the upstream ansible apt module bug
documented here:

https://github.com/ansible/ansible-modules-core/pull/1517

For the next versions of ansible we'll be using, we should
check if the apt bug is fixed. When it's fixed, we could
abandon this change and use the standard apt module
with correct cache handling.

Change-Id: I6c1b27ce5479faf96d1dcd30942230fc89fd6451
2016-02-29 12:50:58 +00:00
Jesse Pretorius 76cc8fd362 Update tox config and add bashate E006, E040 exceptions
This patch updates the tox.ini the same bashate exceptions as are
currently in the OpenStack-Ansible playbook repo.

It also ensures that the linters and all lint targets work
appropriately and normalises the tox.ini configuration to use
uniform formatting.

The use of ansible.cfg is removed as there is no way of being
certain which paths can be used without reverting to an ugly
sed hack in the commands. This is why it is preferred to make
use of environment variables which make use of tox's default
substitutions instead. It's a more reliable way of achieving
the goal for the purpose of gating and testing.

The switch to using a git clone instead of ansible-galaxy to
download the plugins is due to the path spec not being able to
work in Ansible 2.x. [1]

[1] https://github.com/ansible/ansible/issues/13563

Change-Id: I1df29fe1f9c2ee2e5370c4dd9f733ae2c697608e
2016-02-12 11:36:17 +00:00
Kevin Carter b5cf284ede
Updates for typos
This change updates a few things that were missed when the role
was cut over.

Change-Id: I38824f82f884958b554b1618fc059a67a03aabdc
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2015-12-09 09:17:00 -06:00
Jean-Philippe Evrard 9a5dab4ca5
Use sudo for role testing
There are 2 ways to realize the privilege escalation
needed for the gate jobs.

1) Editing the playbooks (and hope to not forget to
write the sudo/become lines for every role)
2) Editing the inventory and set the variable there.

I'm taking the second approach with the minimum set
of variables (become_method is sudo by default and
become_user is root by default).

Change-Id: I066ac778f7bf3d3f569791e30067bcab4e8eef6b
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2015-11-25 14:39:11 -06:00
Kevin Carter eb9f3d858b IRR for lxc_host
The change moves the role out from the main repo lxc_host
repository and into its own standalone repository.

Items within this change:
  * The role has been updated to ensure it runs standalone.
  * Tests added to the role within tox.
  * Functional tests added to the role that can either be run
    via the run_tests.sh script or using tox.
  * dev requirements have been updated for testing usecases.
  * Docs added to both the README.rst file as well as the docs
    folder.

Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2015-11-03 04:22:57 -06:00