With the switch to tripleo_free in stable/train, we can no longer
reliably use handlers. That being said, handlers don't make sense when
you are forcing them to run with a flush handlers anyway. So this change
takes the code we used in the handler and makes them explicit tasks in
the required locations where we used to do a flush handlers. This
change should also improve the scope of some tasks to only occur when
necessary.
Change-Id: I1e31af24a4c1b9356a5971c6c1cb717d39d1e9b2
Closes-Bug: #1909750
1) Bump pyflakes
We need a python 3.9 compatible version.
Related PyCQA/pyflakes #367
2) Fix missing permissions on files
3) Ignore ansible-lint 106 for role name
4) Fix setup-tools install LP#1902986
5) ensure virtualenv is installed
6) fix missing htpasswd
Change-Id: I8302bc6c9250eba78437ccfec35e4de91348333e
Back in the OpenStack Pike release we hit an issue with docker having
changes applied via puppet causing restart of docker service
without --live-restore option. This approach was buggy from the
beginning and it's definitely obsolete here. We do only minor updates of
OS during release so we do only patch level updates of docker.
Change-Id: Iff4823d72c4d50838b6997398b23e76cec50ca56
RefBug: #1747851
Closes-Bug: #1851872
With the upcoming activation of RHEL8 pipeline, we decided with infra it
was better to switch rdo registry to restricted access.
This means that all the jobs in rdo must login to registry to pull
containers.
All the Centos7 jobs must now call this role to login to the registry,
so we are expanding the login part to satisfy the workflow.
RHEL8 job with podman will use an internal role instead.
Change-Id: I6e55bdcf493d04bfc88ae22154124a7888563147
When we run this, if we try to evaluate this without the variable being
set it errors. We assume empty if the variable is unset.
Change-Id: Ic6eea050cd627d9d09745bf194c2dd36b015e6ff
Closes-Bug: #1835657
This change adds molecule testing using a simple base job and pre|run playbooks.
The test will be executed via a native zuul job and will ensure we're exercising
all of the available code paths as provided by this role.
Two molecule scenarios will be executed whenever any change is made to this role:
* default - runs through the typical main code path
* login - tests a secure docker registry ensuring our login capabilities are
never broken.
Documentation in the readme has been added to show how local testing can be run.
A bindep.txt file has been added to ensure zuul knows how to install our
required base packages.
Closes-Bug: #1835657
Related-Bug: #1833584
Change-Id: I48f74b69c5d29dce4a576fa96e79563a4b484469
Signed-off-by: Kevin Carter <kecarter@redhat.com>
We need to be able to perform a login prior to pulling containers from
registries that require authentication.
Change-Id: Ic3b720ba35db8e3f3f866cd31d9171e91b04a86c
Related-Bug: #1833584
Avoids use of ignore_errors on a task that is only reading the status.
We only use the result code (rc) of the check so the task itself
should not fail regardless if the registry was managed or not.
Improves output of ansible console and confusing false errors.
Change-Id: I0be5f333a7ac6705279820a1a34667b4ec32f760
Reset ssh connection to pick up docker group after the task that adds the
deployment user to docker group.
Change-Id: Ifb9a9ad6c467b8f244665696ed02cdbdc7f9a9de
Some of our tasks and handlers need to be run as root but were
previously missing the become: true option. This change addresses this
to ensure the appropriate tasks and handlers are run as an admin user.
Change-Id: I9cf00809e8725d9220bc993c8fd6602e19ed7aa3
Newer versions of ansible lint are stricter. This change fixes up the
issues and ignores rule 405 which requires retries on package items.
We're skipping the retries because yum does that natively.
Change-Id: I9280a736cb1bdeeb1bdcea11ec4ca8f5af9d1e44
When deploying with --stack-only, the playbooks aren't executed so if a
variable is processed later, it needs to be checked if it's actually
defined or not otherwise Ansible will fail.
Change-Id: I16a2eed003b8f7fd4c775cdeead3f3b51f8aa467
This commit adds an option `container_registry_skip_reconfiguration`,
that, when enabled, disables the reconfiguration if docker has already
been configured once.
Change-Id: I0bcaeea9cd24ab35a81d8c3d6fc3a384c1e4c3c2
Related-Bug: #1804790
Since we know xfs ftype=0 is incompatible with the container usage,
let's fail hard with a message if the system has an improperly
configured filesystem.
Change-Id: I06f80003d7f3f6443f75f39973d4e68ac24673be
Related-Bug: #1765121
With https://review.openstack.org/#/c/597153/
registry_pkg_manager was set to dnf for Centos7 as
well due to wrong string comparison. This patch converts
ansible_distribution_major_version to integer before
comparison and fixes the issue.
Change-Id: I603c1f932c63d07040e6aa24f1a75eab4e389738
Related-Blueprint: dnf-support
In order to run this on python3 and fedora, we need to use the dnf
module or use package.
Change-Id: I9f61facd0165f67af18018dff363a8e2075f3aee
Related-Blueprint: dnf-support
Move the wait-for-registry-up loop and systemd daemon reloading
commands behind the user-faced "restart docker(-registry)"
handlers. So users may just refer to it w/o manual daemon reload
tasks and w/o knowing of other advanced sub-steps details. But
those handlers may still be notified directly as well.
Add a fixed delay of 10s for the docker service reload handler,
which is nice to have for the loaded systems running that command
way too long.
Add wait-for-docker-service-up loop into the docker service
reload handler for the better failures detection.
Simplify future support on CoreOS/atomic distributions
(which require reloading docker and socket in particular order)
Based on
https://github.com/kubernetes-incubator/kubespray/blob/ \
810596c6d8f1e13afa934ddeef996d4f42b29890/roles/docker/handlers/main.yml
Depends-On: I26cc07aa05912c3e84d59003686eae210e924a16
Change-Id: I28e8c682005e77b87a347f4d2a2dff219fab488c
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Validate that Registry is actually up and running.
It's useful to fail early if the registry is for some reason not
started correctly. It avoids going further in the deployment steps and
losing time before seeing the failures when deploying containers.
Change-Id: Ic29d1c10741bf946c1df709d14b9b30dcf7f6c9b
The tasks were taken from OpenStack TripleO. They manage the case where
Docker needs to be updated. We'll first stop containers, stop docker
then update the rpm before making sure Docker is running again.
Change-Id: Ibde3d326b7e824fe09fafb9f46875b1e6739d299
This role should really be focused on creating a working docker and
registry, and installing kolla is not really related to that.
Even in CI, if container modifications are required it is more likely
to happen via modifying existing images with
ansible-role-tripleo-modify-image, which doesn't involve the kolla
package.
Change-Id: I7ba8d89b75f206aa92bdfd907712b1b0b44a4c32
Add support to configure additional sockets with a new parameter (must
be an array):
    container_registry_additional_sockets
Example of value:
    container_registry_additional_sockets:
      - /var/lib/openstack/docker.sock
      - /var/run/some-other/docker.sock
Change-Id: I0da7f5f1005532b8ba68c46ed6ca065cc333d0d5
This code:
{% if container_registry_mirrors | length > 0 %}registry-mirrors: [{{ container_registry_mirrors }}]{% endif %}
Needs to include the brackets and I haven't found a way yet to include
them without Ansible failure. In the meantime, let's go back to the old
code.
- add prefix to role variable names to avoid name collisions
- use ini_file rather than blockinfile for setting mount flags
- use ansible_selinux fact rather than depending on variable in role
- use role variables for setting values to be used in tasks rather than in line conditionals
- use filters for creating JSON file rather than a template
- remove '---' from YAML files since Ansible does not use YAML front matter
- update meta/main.yml