Commit Graph

41 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov d9df50f4e3 Retire pip_install role
As repo_build role has been succesfully replaced with
python_venv_build role, we have no need in it's futher maintaining and
releasing.

Depends-On: https://review.opendev.org/717715
Change-Id: Ibf9ce1d602c5cfa9ed7431ca37de02df3335b36a
2020-04-06 14:27:00 +00:00
Guilherme Steinmüller 3f2250eacb debian: add support
This patch updates the meta to reflect it's
support of Debian accordingly as well as rename
ubuntu vars file to debian.

Change-Id: I82d7b4d30d8e9a4d5314f5ca9c19d4d36fc0fb70
2019-04-08 21:45:39 +00:00
Marc Gariepy 2e50e9c4cb remove yum priority
In the past we were using priority in order to mask package from epel.
now we only install epel with a very limited list of allowed pkg and only when
needed. This patch remove the priority for yum repos.

Change-Id: Ic6525e013b96e00d115d13a2b9e8fb00c3000127
2018-06-21 09:14:28 -04:00
Markos Chandras 68aca9603f SUSE: Add support for openSUSE Leap 15
Depends-On: https://review.openstack.org/#/c/572109/
Change-Id: Id44db677289d84b794c2183060a2350587265a0b
2018-06-05 09:04:04 +01:00
Jean-Philippe Evrard fa0d818652 Add Bionic testing
Now that bionic testing is added into the tests repos, we can
start testing it in the repo.

Ubuntu 16.04 and Ubuntu 18.04 var files are identical, and
therefore merged into one.

Depends-On: https://review.openstack.org/#/c/566959/
Change-Id: Id4d84cbe689bf49dbaadd43862f889572f3e648a
2018-05-14 20:58:38 +02:00
Jean-Philippe Evrard a6216fa4a8 Cleanup pip install role
With the change in openstack_hosts repo, we can remove
duplications in the pip_install role.

Depends-On: I541287f906a143ed79553c69e1a9e39ee38dc8dc
Change-Id: I1afc143579689a690eddbbf2423a4cd0501f9688
2017-12-01 03:22:36 +00:00
Markos Chandras 991e886e28 vars: Explicitly pull the openssl package
We are using the openssl package in various places but we never
actually pull it explicitly. Ubuntu pulls openssl as a dependency of
the lxc-templates package in the lxc_hosts role, and on openSUSE the
libopenssl-devel package requires openssl. However, on CentOS nothing
really requires the openssl executable (at least until it's needed in
the lxc_container_create role) so we may end up trying to use it
and fail if it's not already installed on the host. In the OpenStack
CI the openssl package seems to be pulled as a dependency of the
'unbound' package.

This fixes the following issue in the lxc_container_create role
when running on CentOS

"/usr/local/bin/lxc-veth-wiring: line 24: openssl: command not found"

Change-Id: Ifa6e2e476710a61a632dba8fedec786c58ae93c2
2017-11-21 15:05:42 +00:00
Major Hayden 132c6c15e5 Copy RPM keys into correct place
This patch copies the RPM keys into /etc/pki/rpm-gpg/ and
maintains their original names. This should allow the LXC
cache process to copy over the keys.

Depends-On: Icfd7e2b110541f85bf98efc384a9698dbbbd9682
Change-Id: I8acf7237c1bcbf7dc98d08aa5907972b69574bba
2017-10-26 12:09:23 +00:00
Jean-Philippe Evrard 8d8a578280 Vendor in the RDO GPG keys to install
This way we avoid all networking failures.

Change-Id: I07b04301629e3b2a176c210ed7989f8d699b7e8c
2017-10-25 15:55:39 +00:00
Andy McCrae 21225ae9cb Change repo name openstack-ocata to openstack-pike
The repo is correctly configured, but the name is not.

Change-Id: Ia649a74fcb793ca8f3597445362eaddf7f42674d
2017-10-24 14:29:16 +01:00
Major Hayden a32869fc32
Optimize pip_install for CentOS
This patch does quite a few things to improve the performance of the
CentOS tasks:

1) Configures RDO repos as repositories rather than reinstalling an
   RPM each time.
2) GPG keys are only installed if they're needed.
3) Yum repo configs are carefully modified if they already exist
   which avoids removing deployer configurations.
4) Repo priorities are now set in one shot.

Change-Id: I0fe7f7ee0a9b580280c59f950277d2b9474e4210
2017-09-19 11:20:47 -05:00
Major Hayden 80594e3787
Don't install any packages via pip
This patch ensures that we don't install any packages outside of a
virtualenv with pip.

CentOS has issues with python modules which are installed with pip
and are later installed with yum. Yum doesn't understand how to deal
with a package installation when some files are already there from
that package.

Closes-Bug: 1715888
Change-Id: I79e439f73e9d2790cb7a1327c1e1f4808b073e46
2017-09-11 09:53:03 -06:00
Jenkins 75ee1e18e5 Merge "Use RDO Pike repository" 2017-09-07 16:41:24 +00:00
Markos Chandras 0544c622b2 SUSE: Add ability to configure external mirror for openSUSE
Allow deployers to choose a specific mirror by setting the
'pip_install_opensuse_mirror_url' variable

Change-Id: I4f4cc284ab7d1c3378e01737f9fade3afe251824
2017-09-07 10:22:44 +01:00
Major Hayden fabe518a67
Use RDO Pike repository
This patches switches CentOS over to the new Pike RDO repository.

Closes-Bug: 1715239
Change-Id: I359c214e9b5d0d31b0b84d4d74d2d8bc0f872f8a
2017-09-05 15:48:24 -05:00
Markos Chandras cbe0abb99e vars: SUSE: Switch openSUSE repository to Pike release
The OpenStack Pike repository is ready for general consumption so move
away from Ocata.

Change-Id: I54579ad8b2cff96e5811baa0705179d4e9bd4c34
Link: http://lists.openstack.org/pipermail/openstack-dev/2017-August/121583.html
2017-09-04 10:06:56 +01:00
Major Hayden f79deb3c7c
Ensure Ceph/Storage repos are removed
The Ceph/Storage repositories from CentOS can cause issues with
OpenStack installations, including delays and package conflicts.
This patch ensures that the repositories are not present on the
system.

Change-Id: I97a95032c720b80eec8c21d5dc1c6ebe1caa7d70
2017-08-21 07:36:12 -05:00
Jenkins 7ed8881ecc Merge "Update UCA to Pike" 2017-07-17 16:36:43 +00:00
Jesse Pretorius 7a9bef3b51 Update UCA to Pike
The UCA Pike repository is now available, so
we should use it.

Change-Id: Ie77e4010f9c9446eacc6063125b30d3f2be74ad6
2017-07-14 14:11:29 +01:00
Jesse Pretorius dfb91fbaec Minimise distro packages installed
The current package install set is quite broad
for xenial. This reduces the set and ensures that
the pip packages installed are appropriate based
on the python version used for each distro.

ndg-httpsclient specifically is only required
for python<2.7.9

Change-Id: I65d05f6fd187b896e5e710f9d95f89bf769ecc60
2017-07-14 14:07:55 +01:00
Markos Chandras 26432f4f95 SUSE: Add the Cloud:OpenStack:Ocata repository
The OBS Cloud:OpenStack:Ocata repository contains most of the necessary
packages to deploy an OpenStack cloud so it's best to have it installed
as soon as possible.

Change-Id: I131558011d056da63f03a6e7d8276d93c594c9aa
2017-06-06 15:16:48 +01:00
Major Hayden 1a9f2124ef
Pass list for package install
Ansible 2.x allows for packages to be passed as a list directly to
the `name` argument. This patch moves the EPEL packages into a list
and converts all package install tasks to pass a list directly
rather than looping over a list with with_items.

This should speed things up a bit. ;)

Change-Id: I0c185ad9d2a69f5625309d77a30536d2d373b2b5
2017-04-24 07:44:06 -05:00
Markos Chandras f5cd194ad6 SUSE: Add missing pre_install_zypper file for SUSE
Add missing pre_install_zypper file to SUSE which is required
by the pre_install.yml play. This also renames the SUSE variables
file to suse-42.yml to match the rest of the distributions.
Finally, the run_tests.sh, Vagrantfile and bindep.txt files are
synced with the openstack-ansible-tests repository.

Change-Id: I2fb733f5818098486e26ca7fb2ac015f02e3aa44
2017-04-10 23:16:25 +01:00
Major Hayden 8596751f1d Install/configure EPEL/RDO w/priorities
This patch installs EPEL and configures the priority of the RDO repo
to be higher than EPEL so that packages from RDO will always be
preferred.

Change-Id: I892096c89d349fa4cfb3f110c8576b5d7c2f41ef
2017-03-09 08:15:56 -06:00
Major Hayden 4e6188b4c0
Use yum priorities for RDO
This patch installs the yum priorities plugin and ensures that RDO
has a higher priority than EPEL. This ensures that the packages from
the RDO repository are preferred over those from EPEL.

Related-bug: 1670012
Change-Id: Ib31e8379f98c91707e9e09207b873f3f597679e6
2017-03-07 08:25:37 -06:00
Major Hayden fafa6ea3c4
Remove EPEL and use RDO instead
This patch removes the epel-release package whenever the pip_install
role is applied and should eliminate package conflicts between RDO
and EPEL. The RDO package path is also adjusted to download the RDO
package from repos.fedorapeople.org (which slashes 3 HTTP redirects
out of the 5 when using rdoproject.org).

This is a breaking change for OSA deployments which are already
deployed on CentOS. Some containers may need to be rebuilt after
making this change.

Related-bug: 1670012
Change-Id: I2e69fac6368c032e237ca35839dd09dab9b0c5c0
2017-03-06 09:40:27 -06:00
Jean-Philippe Evrard fa1e102426 Install python2-pyOpenSSL package on CentOS
Package pyOpenSSL is obsoleted by python2-pyOpenSSL.

Change-Id: I094f6aa8f3043aca42a48e56c012d8aab357104c
2017-03-03 20:30:44 +00:00
Jean-Philippe Evrard 3a6cc1a44c Use an explicit version of urrlib3
If not forcing to install urllib3, ansible on the target node
will reuse the urrlib3 from site-packages, which could be older
than the one in global-requirements, because ansible doesn't
list it in its dependencies, so we don't explicit force a
certain version to be installed.

On my machine, I had an urllib3 installed with a version of
1.7.1, and the get_url/uri modules with https had SSL issues.
Moving to a more recent version urllib3 fixed it.

Change-Id: Id249d8f3aa9adab3d3b86a95bcd518c927d6a45b
2017-02-28 15:30:26 +00:00
Jean-Philippe Evrard 1de94eb012 Use RDO package for master and ocata
This brings more recent version of packages (needed for
liberasure).

Change-Id: Id68a300c8060561a82dbba5f9499c9da984dd969
Co-authored-by: Marc Gariepy <gariepy.marc@gmail.com>
2017-02-23 11:42:13 -05:00
Markos Chandras 1a378b5ddb vars: suse.yml: Add SUSE support
Add new variables file for SUSE based distributions. SUSE doesn't
provide a keyring package and all requires packages are available in
the default repositories so we skip the relevant tasks.

Change-Id: Ied2960ba3870da8dd88c6f616357ace359b83694
2017-02-16 09:32:54 +00:00
Jean-Philippe Evrard bc7cb2da8f Remove duplicate package
Package was listed twice. Useless.

Change-Id: I7411ffd0e3d9d2db541c282595c10b15d42682a0
2017-02-10 11:18:16 +00:00
Jean-Philippe Evrard fe4fa18822 Use RDO/UCA everywhere
The pip_install role installs binary dependencies, like python-openssl
(on Ubuntu), or pyOpenSSL (on Centos).

By default, we didn't configure extra sources (like UCA or RDO)
in the pip_install role. Because the repo is built using UCA or RDO
(current default), we could have inconsistency issues:
containers that haven't UCA or RDO applied during their role execution
would run with a venv packaged for a different python-openssl
(or python-cryptography).

This commit brings the consistency by installing UCA/RDO everywhere.

Closes-Bug: 1624791

Change-Id: I9b5cd40b2972c93af348d4ddfde21a038cf9becc
Signed-off-by: Jean-Philippe Evrard <jean-philippe.evrard@rackspace.co.uk>
2017-02-07 13:36:47 +00:00
Andy McCrae 13ef48e525 Remove Trusty support from pip_install role
Change-Id: Ifcc496d46e3fb340860904fa7f51804502cd6e99
Implements: blueprint trusty-removal
2016-12-15 15:14:13 +00:00
Logan V 379048a8f4 Conditional switch to install compiler
Adds a conditional switch to install the compiler and python
development libraries. The switch is enabled by default to
preserve the old behavior.

Change-Id: If484e14a49c97467a38f9ab6e4b0e3351f60d4ed
2016-12-12 12:40:51 -06:00
Logan V 8236a981a5 Remove unnecessary package installs
Xenial PIP installs do not need all of the extra packages laid
down on the host for SNI support like Trusty did.

Change-Id: Ia3fe82b78ef06d8b8d90eb5071bf0e284dba38b9
2016-12-10 12:20:25 -06:00
Jesse Pretorius d9007f24ec Be more specific about Red Hat version for vars
Ansible 2.2 appears to have a scoping issue of some sort
and discovers a different vars file when doing with_first_found
for pip_install as a dependent role.

This patch changes the vars file name in the hope that Ansible
finds this vars file before others.

Change-Id: I06652274adcdd50f4db3ac9e9934b3f68894c6ba
2016-11-04 10:46:07 +00:00
Jesse Pretorius 2aa35cd95d Rename package lists (and related vars) appropriately
In order to make it easier to differentiate between the lists of
python packages, distribution packages, downloaded packages,
package pins and other similar variables the variable names are
being changed to ensure that they have a more explicit suffix
that defines the purpose and makes the naming more consistent.

This is to facilitate a lookup plugin which will be able to look
up all the package lists and present them as a consolidated piece
of data which may be used for artifact preparation.

Change-Id: Ib7e0d248ca50198ed3d3b5623feafdad26f5df63
2016-08-30 20:05:14 +01:00
Kevin Carter 986039623a
Move required and pip packages lists into an ansible task
The "pip_packages" and "pip_required_pip_packages" have been moved
from the pip install task using the get-pip.py script because recent
versions of setuptools are failing to be installed.

Example Error: http://paste.openstack.org/show/560715/

To resolve this issue the process was broken into two parts.

Additionally when using this role outside of the gate, or in
any environment where there is not a set of pre-built wheels
available the role fails due to missing build packages.

Example Error: http://paste.openstack.org/show/560716/

To resolve this the missing packages have been added to this role.

Change-Id: I40dc3a864872dcd0ecb2d5617f652d476fd48d40
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-08-18 08:46:48 -05:00
Steve Lewis c1323f2d77 Install required packages for get_url module
To prevent Ansible get_url module from generating SNI warnings
several system packages are being installed so that system python
will allow us to get pip and install it.

The strategy for using system pip to install the python packages
to prevent SNI warnings causes additional issues as system package
pip versions may be broken in spectacular ways which prevent us from
upgrading to pinned versions of each of pip, setuptools, wheel.

Change-Id: I45e3eff716dba4fb2926794bc25bfb079bb328bf
Closes-Bug: 1612377
2016-08-13 03:28:21 +00:00
Andy McCrae 3c2dfbcce9 Fix dependencies for cryptography pip install
As a result of https://review.openstack.org/#/c/351482 the cryptography
pip package is installed as a requirement. This fails without the
apt/yum depencies on the libssl-dev/openssl-devel and
libffi-dev/libffi-devel packages.

This causes failures to other xenial gates. Adding these apt/yum package
installs resolves this.

Change-Id: Ic55f19978a8251ed0828a300df4a7b832ec4f186
2016-08-11 08:57:16 -05:00
Kevin Carter 30d59585e8
Add SNI support via pip
Some Linux distribution releases, such as CentOS 7 and Xenial, have
trouble validating SSL certificates when using get_url with servers
that use Server Name Indication (SNI).

This patch adds packages for those distributions that allow Python
to validate connections with servers using SNI.

Change-Id: Idcf773e16d62d2ad76d9341177dd4d6c3e410af3
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-08-05 18:44:02 -05:00