This change removes logic for releases older than train, because these
releases are already EOLed. This covers only overcloud-* roles and
playbooks and the other items will be covered by separate changes.
Note that this change also removes the containerized_* variables
because current active releases(>=Train) no longer supports
non-containerized deployment. The containerized_overcloud_upgrade
variable is still left because the variable is still required by
the tripleo-ci-base-multinode-standard job template.
Change-Id: If29ec2c2219a28a1f79db0e552e2c622c0a7bda6
This is used by the services and without setting this
paramter it would pick up the template default which
does not work.
Related-Bug :#1878540
Change-Id: Ia23e4336752bd639f357e036baad3aa0cf6cbf74
- Use recommended flake8 setup in pre-commit
- Removes use of hacking as pre-commit provides the lock-in
- Bumps flake8 to latest stable
- Resolves two ignored rules
Change-Id: I98f382cd2b72345748e40106624c73039e0f0f2c
- run `pre-commit autoupdate` and fixed new issues
- adopted newer pre-commit config for ansible-lint 4.2.0+
- fixed some reported broken rules
- temporary disabled few rules, just to contain the size of of review,
planning to drop/fix them in follow-ups.
Change-Id: I807ba4e919527be56c85ec72d0f4c7148f04e994
- Fixes 206 errors and removed the skip.
- Also replaces revision with latest tag (pushed today)
Bug: https://bugs.launchpad.net/tripleo/+bug/1848512
Change-Id: I69d75ba9de8ab0e91eb45fd4f9febfdb28cdcb3a
Paths to inject-trust-anchor is not valid for newton and ocata.
This commit adds a check to account for the difference
between the old (tht/environments/inject-trust-anchor.yaml) and
new (tht/environments/ssl/inject-trust-anchor.yaml) paths.
Change-Id: Ifa985bdc0d87ef82f6d3fbaad0a23e8932c65322
Even if we changed to using that directory [1], we had missed this
environment.
[1] I53851edbb8bb562dc4194fb99d6ade259227d2f9
Change-Id: I5a905ec7499a6faa08cbcacfccb19a6e424e4a80
Upgrades yamllint to latest version and adots use of its strict
checking.
Fix all known problems reported by yamllint so we don't have to do
that while touching these files.
Change-Id: I4bdc520d9e2aff086c4b463718bc1e053261a4f5
Story: https://tree.taiga.io/project/tripleo-ci-board/task/381
Via I1bfdb6d064f3b10b269dedafd36ca367139fe1df we moved to using
environments/ssl/enable-tls.yaml. The problem is that
the code in roles/overcloud-ssl/library/tls_tht.py assumes that
the parsed yaml file already has the 'resource_registry' key in the
dictionary.
That was true with environments/enable-tls.yaml but is not
true any longer for environments/ssl/enable-tls.yaml.
Since Iaf7386207e5bd8b336759f51e4405fe15114123a in rocky
NodeTLSData is not used anymore, so let's just skip the whole assignment
starting with rocky.
Closes-Bug: #1796626
Depends-On: Ibee6ba188585f80f0f7d136c81146096cb4432c2
Change-Id: I53851edbb8bb562dc4194fb99d6ade259227d2f9
It is not safe to call yaml.load. yaml.load is as powerful
as pickle.load and so may call any Python function and introduce
a CVE.
Change-Id: I45bc62d890795656c6ed4d5fd1aff9c4cd094412
Stackrc is used to be referred via the working_dir path.
Fix the $HOME or /home/{{ undercloud_user }} paths, which only mathche
the default working dir of /home/stack.
Fix openssl commands to refer server-req.pem et al from the
working_dir instead of the current dir.
Additionally, when containerized undercloud, copy stackrc
created by the tripleoclient at the UC user $HOME to the working dir,
where it is expected by quickstart, if given a custom working dir.
Change-Id: Ic5834dbf66471802eb5a9319718d3ba02548236c
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
In cases where TLS and IPv6 is enabled in the overcloud, quickstart
still passed an IPv4 value for PublicVirtualFixedIps. This fixes that.
Co-Author: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Co-Author: Sagi Shnaidman <sshnaidm@redhat.com>
Change-Id: I09849c0915e7de7cf3b6de92457dfb5ff29f05ff
When the undercloud is enabled with TLS, the overcloud needs to trust
the CA, even if the overcloud is not using TLS.
The overcloud-ssl module already skips most of the process when
overcloud_ssl is false. So I removed the skipping of the overcloud-ssl
role from the playbooks in order for the CA injection template to be
generated.
Closes-Bug: #1731282
Depends-On: Ib88f6e4d561f9c8b5ba6215bbd9450a704b74eec
Change-Id: Iae6f1768018d37f898da1ad455475036896189c4
If the undercloud's local CA certificate exists, this sets the overcloud
to trust that certificate. Also, this takes into use the CAMap, which
allows one set several CA certificates for the overcloud to trust.
Change-Id: Ib76fc7bc06f710448226405af20ce18f8e6f3028
When using boolean variables in conditional tests, those variables
should be filtered as '|bool'. Otherwise, they are being evaluated as
a string and return True in any case.
Change-Id: I1e3642cb2d33d839e4808ae79ae991175e32dd0f
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
When pipe is added to command, it should still exit with its
result code, so save it by setting pipeline option before each
command.
Close-Bug: #1676156
Change-Id: Ibbe49b4a15a5b7825447a563fe35af85fd48b3ff
This patch adds the subjectAltName to the overcloud SSL cert. According
to RFC 3280 [1] this is required, and in fact the Python requests
library issues a warning if it is missing.
[1] https://tools.ietf.org/html/rfc3280#section-4.2.1.7
Change-Id: If15602b3b366117b75a3665d3654139c7541211f
Prepend a timestamp with awk to our deployment and test commands. This
allows html linking from the log servers and also better correlation
with the system logs.
We are not using the "ts" command from the moreutils package to avoid
extra dependencies. The drawback is the lack of sub-second timinig.
It is possible to disable the timestamping by setting the
timestamper_cmd to an empty string.
Also add a README file for the extras-common role.
Closes-Bug: #1673046
Change-Id: I8a2a1e4fde2ba805d3361e2e7a2337e873133ef0
derive a default value for overcloud_public_ip from
undercloud_external_network_cidr. This allows the deployer to set a
single value (undercloud_external_network_cidr) and have all the
defaults adjust accordingly.
Change-Id: Ideaec0e4036785e3c2f3d2859c85df827e624ca1
This will now run bashate on all shell scripts. We could ignore the
following list of bashate errors:
- E006: Line longer than 79 columns (as many scripts use jinja
templating, this is very difficult)
- E040: Syntax error determined using `bash -n` (as many scripts
use jinja templating, this will often fail and the syntax
error will be discovered in execution anyway)
Change-Id: I6f6d454ac54a0ac98d8b8a092fa522cba092a592
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
Previously the 'flake8' command was running but didn't seem to
check out something in all cases.
- This patch decouples the 'ansible-lint' and the 'flake8' sections
into separated 'testenv'.
- And this patch fixes all the 'flake8' issues.
Change-Id: I30169598d086515121175ca322882ee00f05b913
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
We need to differentiate local_working_dir from working_dir
as well as decouple the stack user from `ansible_user` var.
Both of these are causing issues as we begin to automate
deployments in more environments.
- Cleanup duplicate variables that are consumed via extras-common
- Note: extras-common depends on the common role in OOOQ
- Cleanup redundant var and superfluous quotes from overcloud-scale
role
- Cleanup redundant comments in <role>/defaults/main.yml
Closes-bug: 1654574
Change-Id: I9c7a3166ed1fc5042c11e420223134ea912b45c5
As more ansible variables are shared or reused across roles it is
important to define these variables in a role that is always
executed. In this case that role is extras-common.
Note: This review is a blocker for https://review.openstack.org/#/c/418998/
Change-Id: I31fd13d7bcb98d73e7f16048c57c027d95faeec5
We have built up a lot of cruft over the months within our roles.
This review aims to clean up the unused sections. Now that we have
each role within a single repository, ensuring a clean house
is even more important than when they were separate.
Change-Id: Ibb34b376c516a09ba0f7fdb02580e8803497fc50