Commit Graph

48 Commits

Author SHA1 Message Date
Ghanshyam Mann d68e447c4b Retire Tripleo: remove repo content
TripleO project is retiring
- https://review.opendev.org/c/openstack/governance/+/905145

this commit remove the content of this project repo

Change-Id: I29fb152050adab2912b2528f304c97ea4534fda4
2024-02-24 11:40:49 -08:00
Chandan Kumar (raukadah) 57da8455f1 Remove CentOS 7 based job
https://review.opendev.org/q/topic:ooo_c7_teardown is dropping
the c7 based jobs.

It also removes job definitions.

The last run https://zuul.openstack.org/builds?job_name=tripleo-ci-centos-7-undercloud-containers
was from 1 year ago.

We are removing these jobs as a part of ooo_c7_teardown[1].

Added py_modules=[] in setup.py to disable auto discovery
and fix linters job.

It also fixes tox molecule issues with no-changed-when
warning errors.

[1]. https://review.opendev.org/q/topic:ooo_c7_teardown

Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
Change-Id: I94d290321213ae0e097a9ac7d472878940edbafa
2022-05-02 11:14:01 +05:30
Alex Schultz 91f652a932 Fixing ci
* adding task names to satisfy lint
* fixing requirements for test setup

Change-Id: Ic7f019c5f58b456cb36c62283bf72a195d82c299
2021-06-28 13:14:27 -06:00
Alex Schultz 41c93a403d Use ansible_facts
ansible_facts should be used instead of the injected vars

Change-Id: I9e6e0a257d8abf844063b257b3d9026ec8c9ce6c
2021-02-22 12:16:33 -07:00
Alex Schultz 063f15ec2a Fix CI
Update work with newer ansible-lint and address some linting issues.

Change-Id: I69bd204407bd53210492a67bb8f90504a480db11
2021-02-22 12:16:26 -07:00
Alex Schultz dc3a577652 Stop using handlers
With the switch to tripleo_free in stable/train, we can no longer
reliably use handlers.  That being said, handlers don't make sense when
you are forcing them to run with a flush handlers anyway. So this change
takes the code we used in the handler and makes them explicit tasks in
the required locations where we used to do a flush handlers.  This
change should also improve the scope of some tasks to only occur when
necessary.

Change-Id: I1e31af24a4c1b9356a5971c6c1cb717d39d1e9b2
Closes-Bug: #1909750
2021-01-15 10:32:46 -07:00
Alex Schultz e354ac5fa5 Fix all the ci
1) Bump pyflakes

We need a python 3.9 compatible version.

Related PyCQA/pyflakes #367

2) Fix missing permissions on files

3) Ignore ansible-lint 106 for role name

4) Fix setup-tools install LP#1902986

5) ensure virtualenv is installed

6) fix missing htpasswd

Change-Id: I8302bc6c9250eba78437ccfec35e4de91348333e
2020-11-13 15:23:32 -07:00
Alex Schultz 7eca2dd091 Don't log login
We only will log when the debug option is used.

Change-Id: I6cda4c2f4866cf38d8b561ae4c9b4638d676dd2e
2020-02-20 23:02:09 +00:00
Lukas Bezdicka 7a2a664a84 Don't stop containers before docker package update
Back in Openstack Pike release we hit issue with docker having
changes applied via puppet causing restart of docker service
without --live-restore option. This approach was buggous from the
begining and it's definetly obsolete here. We do only minor updates of
OS during release so we do only patch level updates of docker.

Change-Id: Iff4823d72c4d50838b6997398b23e76cec50ca56
RefBug: #1747851
Closes-Bug: #1851872
2019-11-11 12:37:35 +00:00
Sorin Sbarnea 230373ece3 Disable docker iptables support
Fixes: https://bugs.launchpad.net/tripleo/+bug/1845166/
Change-Id: Ib8a28d84d7363f060170c134ea291e84c3231357
2019-10-03 20:12:48 +01:00
Gabriele Cerami 78da67824a expand login subtasks so it can be used in all rdo jobs
With the upcoming activation of RHEL8 pipeline, we decided with infra it
was better to switch rdo registry to restricted access.
This means that all the job in rdo must login to registry to pull
containers.
All the Centos7 jobs must now call this role to login to the registry,
so we are expanding the login part to satisfy the workflow
RHEL8 job with podman will use a internal role instead.

Change-Id: I6e55bdcf493d04bfc88ae22154124a7888563147
2019-09-05 13:08:00 +05:30
Alex Schultz 884a8f6f1b Specify a default for container_registry_logins
When we run this, if we try to evaulate this without the variable being
set it errors. We assume empty if the variable is unset.

Change-Id: Ic6eea050cd627d9d09745bf194c2dd36b015e6ff
Closes-Bug: #1835657
2019-07-12 15:01:20 -06:00
Kevin Carter 1217799b1b
Add molecule testing
This change adds molecule testing using a simple base job and pre|run playbooks.
The test will be executed via a native zuul job and will ensure we're exercising
all of the available code path's as provide by this role.

Two molecule scenarios will be executed whenever any change is made to this role

* default - runs through the typical main code path
* login - tests a secure docker registry ensuring our login capabilities are
          never broken.

Documentation in the readme has been added to show how local testing can be run.

A bindep.txt file has been added to ensure zuul knows how to install our
required base packages.

Closes-Bug: #1835657
Related-Bug: #1833584
Change-Id: I48f74b69c5d29dce4a576fa96e79563a4b484469
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-07-10 18:42:16 -05:00
Kevin Carter b295cc9aef Covert lookup to query
This change updates our loop so that it will expect a list.

More on the query lookup can be seen here[0]

[0] https://docs.ansible.com/ansible/2.6/plugins/lookup.html#invoking-lookup-plugins-with-query

Change-Id: Id8bfea751a7239fd9be6e9dbbb5a0a700e29b64e
Closes-Bug: #1835657
Related-Bug: #1833584
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-07-10 14:53:38 -05:00
Zuul 54526ccde7 Merge "Add docker login support" 2019-06-25 22:32:28 +00:00
Alex Schultz 9bf5868d02 Add docker login support
We need to be able to perform a login prior to pulling containers from
registries that require authentication.

Change-Id: Ic3b720ba35db8e3f3f866cd31d9171e91b04a86c
Related-Bug: #1833584
2019-06-20 15:33:31 -06:00
Rafael Folco 80af0d223e Fix docker network option condition
The option is being ignored. This is useful to adjust settings
like in bug https://bugs.launchpad.net/kolla-ansible/+bug/1654395.

Change-Id: I9c8f267a92198a06acb3611754bd16278a699df1
Related-Bug: #1654395
2019-06-06 17:46:20 -03:00
Sorin Sbarnea 0cc18945c6 Improve condition checking about docker registry config
Avoids use of ignore_errors on a task that is only reading the status.

We only use the result code (rc) of the check so the task iself
should not fail regardless if the registry was managed or not.

Improves output of ansible console and confusing false errors.

Change-Id: I0be5f333a7ac6705279820a1a34667b4ec32f760
2019-02-16 10:42:29 +00:00
Zuul be79743b13 Merge "Fix become for tasks and handlers" 2019-01-31 18:42:08 +00:00
Emilien Macchi 70a9413057 docker: add reset_connection
reset ssh connection to pick up docker group after the task that add the
deployment user to docker group.

Change-Id: Ifb9a9ad6c467b8f244665696ed02cdbdc7f9a9de
2019-01-30 20:10:24 +00:00
Alex Schultz df0ca83325 Fix become for tasks and handlers
Some of our tasks and handlers need to be run as root but were
previously missing the become: true option. This change addresses this
to ensure the appropriate tasks and handlers are run as an admin user.

Change-Id: I9cf00809e8725d9220bc993c8fd6602e19ed7aa3
2019-01-29 13:08:16 -07:00
Alex Schultz 2cba7e32b7 Fix linting issues
Newer versions of ansible lint are stricter. This change fixes up the
issues and ignores rule 405 which requires retries on package items.
We're skipping the retries because yum does that natively.

Change-Id: I9280a736cb1bdeeb1bdcea11ec4ca8f5af9d1e44
2019-01-14 09:51:40 -07:00
Emilien Macchi 61760f2fc1 docker: check if ftype exists
When deploying with --stack-only, the playbooks aren't executed so if a
variable is processed lated, it needs to be checked if it's actually
defined or not otherwise Ansible will fail.

Change-Id: I16a2eed003b8f7fd4c775cdeead3f3b51f8aa467
2018-12-19 17:08:55 +00:00
Mike Fedosin 88c26d2cda Allow to skip docker reconfiguration
This commit adds an option `container_registry_skip_reconfiguration`,
that, when enabled, disables the reconfiguration if docker has already
been configured once.

Change-Id: I0bcaeea9cd24ab35a81d8c3d6fc3a384c1e4c3c2
Related-Bug: #1804790
2018-12-10 13:05:05 +01:00
Zuul eb5d61b601 Merge "use include_tasks instead of include" 2018-11-15 07:39:19 +00:00
Alex Schultz 5e1ba52f79 Add xfs ftype check during install
Since we know xfs ftype=0 is incompatible with the container usage,
let's fail hard with a message if the system has an improperly
configured filesystem.

Change-Id: I06f80003d7f3f6443f75f39973d4e68ac24673be
Related-Bug: #1765121
2018-10-25 15:23:30 -06:00
zhulingjie 693c4f3084 use include_tasks instead of include
Change-Id: I5e0dd2f7a230b36ac2ee6fb86ed234c255ee4086
2018-10-11 14:32:11 -04:00
yatin b33f893567 Correctly set registry_pkg_manager
With https://review.openstack.org/#/c/597153/
registry_pkg_manager was set to dnf for Centos7 as
well due to wrong string comparison, This patch convert
ansible_distribution_major_version to integer before
comparison and fixes the issue.

Change-Id: I603c1f932c63d07040e6aa24f1a75eab4e389738
Related-Blueprint: dnf-support
2018-09-06 09:12:27 +00:00
Jose Luis Franco Arza d7e0e8f88f Add missing quotes in shell task.
Missing quotes arose as an error in the
minor updates CI job. Adding them.

Change-Id: Ia4aa12411d31ca085480fb126c5c2d60950cfee7
Closes-Bug: #1790786
2018-09-05 09:00:53 +02:00
Alex Schultz 4f89546529 Add support for dnf
In order to run this on python3 and fedora, we need to use the dnf
module or use package.

Change-Id: I9f61facd0165f67af18018dff363a8e2075f3aee
Related-Blueprint: dnf-support
2018-08-28 09:04:07 -06:00
Bogdan Dobrelya 9fcedac3b9 Improve docker/distribution reload handlers
Move the wait-for-registry-up loop and systemd daemon reloading
commands behind the user-faced "restart docker(-registry)"
handlers. So users may just refer to it w/o manual daemon reload
tasks and w/o knowing of other advanced sub-steps details. But
those handlers may still be notified directly as well.

Add a fixed delay of a 10s for the docker service reload handler,
which is nice to have for the loaded systems running that command
way too long.

Add wait-for-docker-service-up loop into the docker service
reload handler for the better failures detection.

Simplify future support on CoreOS/atomic distributions
(which require reloading docker and socket in particular order)

Based on
https://github.com/kubernetes-incubator/kubespray/blob/ \
  810596c6d8f1e13afa934ddeef996d4f42b29890/roles/docker/handlers/main.yml

Depends-On: I26cc07aa05912c3e84d59003686eae210e924a16
Change-Id: I28e8c682005e77b87a347f4d2a2dff219fab488c
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-07-16 16:52:55 +03:00
Emilien Macchi d6c63f1baa Add validation for docker registry v2
Validate that Registry is actually up and running.
It's useful to fail early if the registry is for some reasons not
started correctly. It avoids to go further in the deployments steps and
loose time before seeing the failures when deploying containers.

Change-Id: Ic29d1c10741bf946c1df709d14b9b30dcf7f6c9b
2018-05-21 14:28:31 +00:00
Emilien Macchi 7a3cd85d56 Handle Docker rpm updates
The tasks were taken from OpenStack TripleO. They manage the case where
Docker needs to be updated. We'll first stop containers, stop docker
then update the rpm before making sure Docker is running again.

Change-Id: Ibde3d326b7e824fe09fafb9f46875b1e6739d299
2018-05-20 18:59:16 +00:00
Steve Baker eb7010fc45 Don't install kolla
This role should really be focused on creating a working docker and
registry, and installing kolla is not really related to that.

Even in CI, if container modifications are required it is more likely
to happen via modifying existing images with
ansible-role-tripleo-modify-image, which doesn't involve the kolla
package.

Change-Id: I7ba8d89b75f206aa92bdfd907712b1b0b44a4c32
2018-05-15 08:57:08 +12:00
Emilien Macchi 7753bfd408 docker: add support for additional sockets
Add support to configure additional sockets with a new parameter (must
be an array):
container_registry_additional_sockets

Example of value:
container_registry_additional_sockets:
  - /var/lib/openstack/docker.sock
  - /var/run/some-other/docker.sock

Change-Id: I0da7f5f1005532b8ba68c46ed6ca065cc333d0d5
2018-05-07 21:49:45 +00:00
Emilien Macchi 6fe9752c3d Don't amend group when deployment_user is empty 2018-04-17 18:46:57 -07:00
Emilien Macchi d480839da5 Restore old task for docker-daemon.json
This code:
  {% if container_registry_mirrors | length > 0 %}registry-mirrors: [{{ container_registry_mirrors }}]{% endif %}

Needs to include the brackets and I haven't found a way yet to include
them without Ansible failure. In the meantime, let's go back on the old
code.
2018-04-16 17:27:04 -07:00
Sam Doran 933411899c Make improvements to role
- add prefix to role variable names to avoid name collisions
- use ini_file rather than blockinfile for setting mount flags
- use ansible_selinux fact rather than depending on variable in role
- use role variables for setting values to be used in tasks rather than in line conditionals
- use filters for creating JSON file rather than a template
- remove '---' from YAML files since Ansible does not user YAML front matter
- update meta/main.yml
2018-04-16 15:39:56 -04:00
Emilien Macchi 9f4336318a Support for multiple insecure registries
Co-Authored-By: @samdoran
Closes #1
2018-04-16 08:16:20 -07:00
Emilien Macchi cd1de0d7c8 Make playbooks idempotent
removing docker-registry also removed docker-distribution, so the
playbook wasn't idempotent.
2018-04-14 19:12:59 -07:00
Emilien Macchi b8225a3b55 Fix insecure_registries config
Note: we still not support multiple registries.
2018-04-14 18:59:14 -07:00
Emilien Macchi 7fb3cd5f4d Don't try to upgrade docker packages
... we just need to make sure they're here but not control the actual
upgrade, it's too opinionated.
2018-04-14 18:28:21 -07:00
Emilien Macchi b29e6b2f43 Fix selinux config in sysconfig 2018-04-14 18:14:33 -07:00
Emilien Macchi 9dab1b97e1 Manage docker group 2018-04-14 16:53:51 -07:00
Emilien Macchi efbe428ec9 Fix indentation for create 2018-04-14 12:37:39 -07:00
Emilien Macchi ac0964a612 Create config files if they don't exist 2018-04-14 11:52:14 -07:00
Emilien Macchi b8638c8670 Add handlers for both services
... so docker and docker-distribution restart when config change.

Closes #2
2018-04-13 17:46:14 -07:00
Emilien Macchi 161e6adbc1 first commit 2018-04-13 13:38:32 -07:00