With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I40ff3ec0393bf90836d943fc09e74d6a5f207b48
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I31c5e6cde00cdb7addcc0cb4b1c7a13529ce1e60
This patch updates the meta to reflect it's
support of Debian accordingly
Depends-On: I9a92b73c419a0dc1cca40dacfef75de61a61db94
Depends-On: I4117c0ae8cf7b7aa6e47cdda620657071d3efe71
Change-Id: Id2efd4fa23c8d3b37e8510489e3409c7c2a12370
Given that pymysql is pure python and has no C binding
dependencies, we no longer need the role to install the
MariaDB client libraries.
Change-Id: I308642a6dcfbbec51c6553b81d0565d8b604f10f
In order to reduce the packages required to pip install on to the hosts,
we allow the service setup to be delegated to a specific host, defaulting
to the deploy host. We also switch as many tasks as possible to using the
built-in Ansible modules which make use of the shade library.
The 'virtualenv' package is now installed appropriately by the openstack_hosts
role, so there's no need to install it any more. The 'httplib2' package is a
legacy Ansible requirement for the get_url/get_uri module which is no longer
needed. The keystone client library is not required any more now that we're
using the upstream modules. As there are no required packages left, the task
to install them is also removed.
With the dependent patches, the openstack_openrc role is now executed once
on the designated host, so it is no longer required as a meta-dependency for
the role.
Depends-On: https://review.openstack.org/579233
Depends-On: https://review.openstack.org/579959
Depends-On: https://review.openstack.org/580156
Change-Id: Ic3c0bb31c12a83fe8fe475091e97e5d5537fab6f
With addition of pip_install on every node, we don't
need to have pip_install as a meta dependency.
Depends-On: If3412bb888ebb854874bbc43eb76bfcb3e4a7868
Depends-On: I79ff70c438b44753be2a93f004ebbc46de0a963d
Change-Id: I5a953e17787b36b58b831a3d704cd8f51f2078df
We need to add openstack ansible information in the role
metadata to be able to track role maturity. With it,
we can create a role maturity table and take decisions about
role deprecations.
Change-Id: Ib3a4a97bb75a602346feca9f4c6ac81285a20c98
Add support for the openSUSE Leap distributions. Additionally,
for openSUSE, we need to load some extra apache2 modules which are
not there by default. Finally, Apache on openSUSE configures some
of it's components in httpd.conf and some others in default-server.conf
so it's not possible to drop one of them as that will likely break
Apache. A future improvement would be to drop both and provide a good
httpd.conf template. Until then, we need to drop the default
configuration for the root directory as that breaks Horizon since
it does not allow symlinks and global access to it.
Change-Id: I51613df836c6a507f6f36967c0ce4b76ba9202a9
The update of the apt cache and the package installation
can all be handled in a single task by providing the
package action plugin with the right parameters. This
removes an extra task to optimise execution.
Also, Ansible 2.x allows the package module to consume
the package list in the name parameter instead of using
a with_items loop which further optimises the execution.
The minimum Ansible version is raised to 2.2 due to a
known bug [1] in Ansible's apt module which does not
update the cache properly if the cache update and the
install are combined in a single task.
[1] https://github.com/ansible/ansible-modules-core/issues/1497
Change-Id: Ia15e468a70f1ac90d8b7ce88f930f81e01afa3d4
Starting in Ansible 2.0, the get_url [1] module provides the
ability for a checksum to be provided to the get_url module
which will be verified against the local destination file
and the task skipped if it matches.
[1] http://docs.ansible.com/ansible/get_url_module.html
This patch implements the use of this functionality.
The ability to ignore a venv download failure is also removed
as this is not necessary or desirable. It is better for the
download to fail and the playbook execution to stop immediately
so that the failure point is exposed.
Change-Id: I0e33da0dc601eaa4af06c03a20803fcd01405531
These changes allow the role to be tested on Xenial hosts
while also ensuring that the tests are testing everything
within the container as expected.
Overview:
* Included in this PR is a manual-test.rc. This has been
added to allow developers to run tests locally without
having to invoke tox. This RC file was lifed from the
os_keystone role.
* The git package was added to the install list. This is
needed on the target when the role is running with developer
mode enabled.
* Connection settings within the container create prep playbook
were removed. A``connection: local`` setting forces all
commands to be executed against the host regardless of a
delegated task.
* A task has been added to the horizon role to when SSL is
enabled. This task ensures that that ca certificates are
updated. Without this change, when running on Xenial,
tempest will fail due to the following error:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
By updating the ca certificats on tempest is able to verify
the certificate and pass the tests. NOTE: This fix came from
the puppet-OpenStack community where they ran into the same
problems in Xenial as discussed here: [0]
[0] - https://irclogs.ubuntu.com/2016/05/18/%23ubuntu-server.html#t13:37
Change-Id: I1e6808c49a8faaba5b2748918be5d6b5a59fd3d1
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The pip_install and pip_lock_down roles have been merged.
Remove pip_lock_down from the role's meta dependencies and test
requirements.
Change-Id: I960a9bfc558efbff8760ffb41d7619260bd59af0
Debian-specific vars and logic have been moved to tasks
that will execute only on those distributions.
Change-Id: I16664a9c4364938a065bf07472e25e93ba1b828c
Implements: blueprint multi-platform-host
This role makes use of the ternary filter which was only introduced in
Ansible 1.9, this patch updates the min_ansible_version to 1.9.
Change-Id: Ia65f0a6674d0eae39b3f8e9b077db0560b4dc00f
The pip_install role is depended on by a lot of other roles, and
therefore sometimes gets processed prior to the pip_lock_down
role resulting in the pip, setuptools and wheels packages being
installed from a source other than the repo server once the repo
server is available. This is not the intended behaviour - the
repo server should always be a the primary source once it's
available.
This patch ensures that the pip_lock_down role is applied before
all the other dependent roles to ensure that the expected
behaviour is followed.
Change-Id: Ic310ea918c3bfe8e63bd684eb3e8b26342299741
One container running infra services, one running Keystone, and another
running Horizon.
Closes-Bug: #1553979
Change-Id: Id67a1d9a0bd6e87427f5b0755f69ea8f77441839
This new role is now providing the ability for a user to pin apt
packages as they see fit. The idea is to allow someone to implement
pinning in a generic way that can be represented as a global variable
or as a hostvar. The new role has been added to all install roles as
a dependency which will allow it to ensure that packages are pinned
everywhere as would be expected.
Change-Id: I354e8515570fa7174366ba57d57aece3c304568e
This change implements the blueprint to convert all roles and plays into
a more generic setup, following upstream ansible best practices.
Items Changed:
* All tasks have tags.
* All roles use namespaced variables.
* All redundant tasks within a given play and role have been removed.
* All of the repetitive plays have been removed in-favor of a more
simplistic approach. This change duplicates code within the roles but
ensures that the roles only ever run within their own scope.
* All roles have been built using an ansible galaxy syntax.
* The `*requirement.txt` files have been reformatted follow upstream
Openstack practices.
* Dynamically generated inventory is now more organized, this should assist
anyone who may want or need to dive into the JSON blob that is created.
In the inventory a properties field is used for items that customize containers
within the inventory.
* The environment map has been modified to support additional host groups to
enable the seperation of infrastructure pieces. While the old infra_hosts group
will still work this change allows for groups to be divided up into seperate
chunks; eg: deployment of a swift only stack.
* The LXC logic now exists within the plays.
* etc/openstack_deploy/user_variables.yml has all password/token
variables extracted into the separate file
etc/openstack_deploy/user_secrets.yml in order to allow seperate
security settings on that file.
Items Excised:
* All of the roles have had the LXC logic removed from within them which
should allow roles to be consumed outside of the `os-ansible-deployment`
reference architecture.
Note:
* the directory rpc_deployment still exists and is presently pointed at plays
containing a deprecation warning instructing the user to move to the standard
playbooks directory.
* While all of the rackspace specific components and variables have been removed
and or were refactored the repository still relies on an upstream mirror of
Openstack built python files and container images. This upstream mirror is hosted
at rackspace at "http://rpc-repo.rackspace.com" though this is
not locked to and or tied to rackspace specific installations. This repository
contains all of the needed code to create and/or clone your own mirror.
DocImpact
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Closes-Bug: #1403676
Implements: blueprint galaxy-roles
Change-Id: I03df3328b7655f0cc9e43ba83b02623d038d214e
Dmitriy Rabotyagov