ansible-lint 5.0.9 has merged our NoLogPasswordRule [1]
APTRepositoryCacheUpdateRule is not relevant since
ansible fix has been merged for several years now.
Also ansible-lint provides yamllint check.
This means, we shouldn't really carry custom lint
rules and can jsut use upstream ones.
We also update ansible and collections version to
match with the integrated repo.
[1] 8bef056d69
Change-Id: Ie85d6d0a17849bbc665a7f49644c38b5f6a96bb2
"This option is a no op, and the functionality described
in previous versions was not implemented. This option will
be removed in Ansible v2.8"
Change-Id: If8fdda822903a7cbfbe5eb8c3464b0ca36db33c6
During a test run, iptables is cleared and NATs are implemented by dnsmasq.
On subsequent runs, the clearing of iptables blows out the NATs and the
dnsmasq restart handler is not properly triggered. This patch shifts the task
to where the handler can be properly notified.
Change-Id: I4a274e0bfc6b099dc465ee11087977836b66f249
Statically set ipforward: true for all test bridges to fix centos7 gate
where forwarding is disabled by default. Ubuntu is defaulting
forwarding enabled for all bridges so this will align the forwarding
configuration of centos and ubuntu.
Change-Id: Idbf2bbbdfb0d2c5c3b440ad37004f5768328e7a6
The ip tool on different operating systems is in different paths. This
PR creates a hash with each distro family which is used to set the path
correctly across each distro.
Change-Id: I0f691865b569d7e8b72a15d45cd8547dea45d5d5
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
If we collect selective facts then on centos ansible_br_mgmt leads
to undefined error. It fixes the same.
Change-Id: I4accc9ab8c52a6bdda986c9b222710832e6814eb
The test network setup was using the legacy interface configs and
providing an inconsistent experience. These changes will pull it in plce
with the intergrated repo for all of our distros giving us a very
consistent experience.
Change-Id: I637b048b8c8a3fb44f91e4227a02787eacd32b57
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
When a functional test is run against the same host more than once and
iptables rules are managed by lxc-dnsmasq the rules that lxc-dnsmasq
created during the first run are removed, preventing containers from
accessing external networks.
Add a notify to restart the service and recreate the rules.
Change-Id: Ia3b39c7f81d24de10fe23cb000b1253f4b3dcbfd
These tasks have been moved into the lxc_hosts role therefore
they are not needed in here anymore.
Change-Id: I6ec6832e10018427a9f277fe5d502b5547f6006b
The use of clouds.yaml from the zuul user does not
work for swift due to the mess of delegation and
become. In this patch we ensure that it is also
there for the root user so that the role test can
pass.
This issue does not apply to the integrated repo.
Change-Id: Ia152f9c24e4965f89d9477f4e343428bb04b3c59
Currently there are differing settings for the lxc_* variables
between the test-prepare-host.yml playbook and the test-vars.yml
vars_file. Given that the vars file is used by the same play,
we remove the additional settings given to the roles directly
so that the settings are in one place only.
Change-Id: I1c5813a63c5f4056bb1a2ca306b2bfac2c3d2563
When targeting localhost with 'remote_user: root' and
using 'become: yes' we lose the environment variables
for the user running the playbook (eg: USER, HOME).
However, if we use 'connection: local' and 'become: yes'
together, it works properly.
To ensure these plays have the correct access to change
things on the host, we apply this change to them all.
We also ensure that 'become: no' is explicitly set on
any local connection plays to make the intent more
obvious. Finally, we also use 'yes' and 'no' uniformly.
Change-Id: I6e4607dd4aaffa0bfcda254103697bf9b28eca1a
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.
This should fix it.
Change-Id: Ida90a5a717adaf07ebf2ee6f04136fe920cfe46b
It makes no sense to use become when you're connecting to a
host via the root remote_user. As such, we remove all uses of
'become: true' from the test plays with the exception of the
'test-prepare-keys.yml' playbook which uses a local connection
rather than a remote one and it therefore needs to use become.
We also transition all plays to use 'remote_user' which is the
correct parameter to replace 'user' (since ansible 1.4).
Finally, we switch the horizon nova service setup to its own
playbook using a local connection and the upstream keystone
modules.
Change-Id: I20517c22f07b1bb811a51d8c63741604360fe7f8
When placing the clouds.yaml file, it needs to be accessible to
the user running ansible. This user is not necessarily root and
for openstack-infra is a non-root user.
To ensure that the file is placed in the right directory and with
the right permissions, we provide the right variable value to
ansible when it runs the role.
Change-Id: I748b509d24b0060908ac75322dd20062a1515169
In order to allow us to make use of the Ansible shade
modules to interact with the running OpenStack environment
in tests, we execute the openstack_openrc role against
the test host.
The include_vars for the follow-on play is moved to make
it easier to find, and the initial play's 'pre_tasks' are
renamed to 'tasks' as there is no 'roles' implementation
in the play.
Change-Id: Iec4f266324d4e5f81d21163f68f8d5c32c34f86d
Similar to the CentOS case, we should use 'present' instead of 'latest'
for the package state so we don't spend time resolving dependencies,
querying repos etc. The 'present' state can be further improved either
in the zypper itself or in the Ansible module.
Change-Id: I44fae44030af1c9ee88dcc26c6b55c91a2531926
Link: https://github.com/ansible/ansible/pull/37191
Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1084525
CentOS 7 gates timeout more often due to the use of
package_state=latest (the default). This patch allows tests to run
with package_state=present.
This should speed up gate jobs for CentOS 7 and expose more problems
that can be fixed.
Change-Id: I93628a563928ffd6eea1510f6b19233e8cd412a7
Currently the ansible-syntax and ansible-lint tests
assume the playbook to be tested against, the role
requirements file location and a single path for all
roles. This patch allows these to be modified so that
the tests can be used for the integrated repo which
does not have the same structure as the roles.
Various lint failures are no being picked up with
these modifications, so they're resolved using quick
hacks.
Change-Id: I8bea90082dbde7de49c5e2e86d298c017b16591d
The nested loop was wrong since it led to broken entries in the ifcfg
files
POST_UP_SCRIPT="compat:suse:ifup-post-veth-br-vlan-2-eth12"
POST_UP_SCRIPT="compat:suse:ifdown-post-veth-br-vlan-2-eth12"
POST_DOWN_SCRIPTS="compat:suse:ifup-post-veth-br-vlan-2-eth12"
POST_DOWN_SCRIPTS="compat:suse:ifdown-post-veth-br-vlan-2-eth12"
The reason for that was that we added both ifup/ifdown entries on both
the POST_UP and POST_DOWN variables which was clearly wrong. As such,
we adapt the ifup/ifdown lists to include only the appropriate items
for each POST_UP and POST_DOWN variables.
Change-Id: Ibff6be57f0d5cec97b9986a9f6f00903f28ec35c
Escaping the double quotes only makes sense when the entire string
is surrounded by double quotes otherwise invalid entries are being
written to ifcfg files.
POST_UP_SCRIPT=\"compat:suse:ifup-post-veth-br-vlan-2-eth12\"
Change-Id: If97950d360a133a3f8875f29344ccfdb914d7bf5
The correct location is /etc/sysconfig/network/scripts instead of
/etc/sysconfig/network/script for the SUSE compatibility scripts.
This has also been fixed in the ifcfg(5) manpage
Link: https://github.com/openSUSE/wicked/pull/713
Change-Id: I32a9b3edc22a2dc7fdfb4f8da39ba46224b108b8
Commit 0a40e658cd ("SUSE: Remove post-up/post-down scripts from
default ifcfg files") dropped POST_{UP,DOWN}_SCRIPT from the ifcfg
file in the default case so they can only be used when a veth pair
is defined. However, the wrong destination was used in that case since
these statements were added in the script instead of the ifcfg file and
as a result they had no effect.
Fixes: 0a40e658cd ("SUSE: Remove post-up/post-down scripts from default ifcfg files")
Change-Id: I10b86b1bd1cd0a900e045bfc36b59e686888d69d
OpenStack-Infra DNS resolution of
images.linuxcontainers.org is failing
very often. This works around it by
adding the appropriate entries into
/etc/hosts on the host.
Change-Id: I52140423ca476421e66fdc99d4c4128edfdc944f
The tests repo will mount a directory set by the
"development_repo_directory" value into each container at the mount
point located at "development_repo_directory", both of which
default to "~/git/openstack".
Any directories found inside this directory will be used to generate a
"local-package-constraints.txt" pip install constraints file, which will
be used when installing pip packages. This will mean you can override
any pip package with the local repository, and doesn't limit this to
just existing service projects.
Change-Id: I774343234a25063eb320cac85ba696d908f0a416
We do not need to use post-up/post-down scripts in the default ifcfg
files. These scripts are only installed when the ifcfg file handles a
veth pair. So even though we have them in the ifcfg files by default
nothing actually happens when we bring the interface up and down. This
can be very confusing to users who may wonder why we even have these
entries without installing the matching networking scripts.
The previous implementation was not quite correct anyway because
we were using item[0] and item[1] without having nested loops so the
results were sometimes unpredictable.
Change-Id: I14cbf062d67ad4f0e71c0fdeeaa89a4bdc12a4fe
item[0] is always defined in the nested loop so there is no need to
use the default jinja2 filter.
Change-Id: I8977036e85964901fdb8a75a494ab45d543013b2
In Ansible 2.3 the local connection plugin overrides
the host vars for the ansible_python_interpreter,
causing tests to use the wrong interpreter and
install python packages into unexpected locations.
This is especially visible when using host
delegation to localhost instead of the targeting
localhost directly.
To ensure that the behaviour remains consistent with
our expectations all local connection usage for
localhost is removed and localhost is targeted as
a remote host.
Change-Id: Ifcccf3c25aa10085b35017b01644354e10eca15a
There is nothing RedHat specific in these scripts apart from the
DEVICE variable usage. As such, detect the running distro, set a new
variable, and use it in these scripts so they can be shared by both
SUSE and RedHat distributions. Moreover, the 'ip' utility may not
always be installed in the /usr/sbin directory so determine its path
during runtime.
Change-Id: Idec9d9e157422496602858b8a0761ab46f035786
Use 'connection: local' in the test-prepare-containers.yml and
test-prepare-host.yml playbooks similar to the test-prepare-keys.yml
playbook one.
Change-Id: I1e69b72121ac07f23a467c61b9ab5888fc57c275
In Ansible 2.3, 'ansible_user' seems to be undefined unless set within
the inventory for a host. 'ansible_user_id' contains the current user
running Ansible, but is only set after facts are gathered.
Change-Id: Id5b76a87809f03951c954fc3d752419a673403f7
Some tests requiring accessing OpenStack APIs from within a VM may fail
due to networking problems caused by invalid checksums. This change
simply changes the checksum rules from only port 22 to all ports.
Related-bug: #1619730
Co-Authored-By: Kevin Carter <kevin.carter@rackspace.com>
Change-Id: If2e6180ec999f09e89944faa0a2b195dd81fba0e
The postup/postdown was not working because it was not executable, as
well as not being sourced as part of the ifup-post and ifdown-post
scripts.
Change-Id: Ica71a53b3e4d1fe82cd9045ae134372beba3f96c
For nova flat networking to work /w neutron we need to allow an alias
address for some interfaces.
This PR exposes a "alias:" option which is an address that will be added
as an alias for the interface.
For Debian this means an additional block at the bottom of the
configuration file.
For RedHat this means an <interface_name>:0 file is created.
Change-Id: I39c396ce3b6eab321d5eb70645c1d0af71dcf5c6
The test-install-openstack-hosts.yml playbook was only being used by
the openstack_hosts role, being that this is a common setup task used in
various tests this playbook is now being included in the
"test-prepare-host.yml" playbook.
Change-Id: I52cb3f57570f56a9d65efd291945d14b2e729ee6
We moved the openstack_hosts setup into a separate task file so that the
openstack_hosts role could be tested individually, to avoid having to
call this specifically, we should include it in the
test-prepare-host.yml play as well.
This is required for Neutron OVS to work appropriately, and correctly
import the openvswitch module.
Change-Id: I521e80c00070f4338b84de3d61d9739645e00e12
In order for the test repo to work for CentOS properly, we need to be
able to create multiple networks in a more modular way. Additionally, we
should be able to specify a dict of networks to configure and have them
configured.
To allow this to be extended we setup a network interface "type" which
defaults to "default". This should cover all current requirements but
could be extended if needed.
For CentOS/Red Hat specifically, we need to drop down post-up/pre-up
scripts for specific networks - this requires an additional loop task to
ensure the appropriate configuration is dropped down.
This is a precursor for moving Swift and Nova to use the
openstack-ansible-tests repository, both require custom networking which
is not serviced by the current configuration. This is also a precursor
for adding CentOS/RedHat support for openstack-ansible projects.
Change-Id: I5f2446d87ff88f5143b311fd27ab64b476877a1e