With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Id92330b3c709201a74612c8353cefa75778eac0c
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I1624730385a7b54cf36a94d313cc298430129736
This role only support openSUSE Leap 15, not 42.3, not tumbleweed.
Saying all is confusing and a bad practice. This fixes it, while
ensuring the job is properly defined to test that assertion.
Change-Id: I8d4bccbe283a0b09f42e2d2419612b3a4a1c6a0d
This patch adds the Debian jobs for this role to make sure
it's always passing as well as updates the meta to reflect
it's support of Debian accordingly.
Depends-On: I9a92b73c419a0dc1cca40dacfef75de61a61db94
Change-Id: Idf1d86b24196a9613b7e953de1628df2eb482cce
Given that pymysql is pure python and has no C binding
dependencies, we no longer need the role to install the
MariaDB client libraries.
Change-Id: I309022aa53b8878a167d09d6288678eee5ca0159
This removes warnings in Ansible 2.4+.
The patch also removes "static:" from the playbooks since that
argument is no longer used by Ansible.
Change-Id: I6e5fcbccd4239db73de20e640a3423d1a2333bbe
With addition of pip_install on every node, we don't
need to have pip_install as a meta dependency.
Depends-On: If3412bb888ebb854874bbc43eb76bfcb3e4a7868
Depends-On: I79ff70c438b44753be2a93f004ebbc46de0a963d
Change-Id: Ie72283fc39355bb798a90ce3347a197d1b8e5e37
The memcache token driver was removed in Ocata and the only valid option
is sql, which is only used when keystone_token_provider is uuid.
Change-Id: I1db15e2553893b74d3f7d57d4d50ca2052be04e4
We need to add openstack ansible information in the role
metadata to be able to track role maturity. With it,
we can create a role maturity table and take decisions about
role deprecations.
Change-Id: I00787d4812a9f0ab8ef661c98325327fa581dac3
Add support for the openSUSE Leap distributions. Additionally,
for openSUSE, we need to load some extra apache2 modules which are
not there by default.
Change-Id: Iac555cefa0a7a6ecf344761d54644fd3fa2443f9
The update of the apt cache and the package installation
can all be handled in a single task by providing the
package action plugin with the right parameters. This
removes an extra task to optimise execution.
The minimum Ansible version is raised to 2.2 due to a
known bug [1] in Ansible's apt module which does not
update the cache properly if the cache update and the
install are combined in a single task.
[1] https://github.com/ansible/ansible-modules-core/issues/1497
Change-Id: If6b3261bba643759f12a811d849ce9cb1040497f
Starting in Ansible 2.0, the get_url [1] module provides the
ability for a checksum to be provided to the get_url module
which will be verified against the local destination file
and the task skipped if it matches.
[1] http://docs.ansible.com/ansible/get_url_module.html
This patch implements the use of this functionality.
The ability to ignore a venv download failure is also removed
as this is not necessary or desirable. It is better for the
download to fail and the playbook execution to stop immediately
so that the failure point is exposed.
Change-Id: If1dd3fde47871c1201fb50759432a511a6f5fbce
This change implements CentOS 7 support within the os_keystone role.
Depends-on: I333fb1887339e8dc9ebf10ff137dda3cff629dc0
Change-Id: Ib339cd0657f7008fa48bf74f8d6ddd4b8add2ea1
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The pip_install and pip_lock_down roles have been merged.
Remove pip_lock_down from the role's meta dependencies and test
requirements.
Change-Id: Ie421d6614eae5a26d842fea5e4acf42fc3de7669
This change creates a ubuntu 16.04 variable file that will allow
the role to be executed against a ubuntu 16.04 host.
Change-Id: Ib6d7e68133de8d10b81d9116b74dca1de7568897
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This role makes use of the ternary filter which was only introduced in
Ansible 1.9, this patch updates the min_ansible_version to 1.9.
Change-Id: I8653658c8dcc23b3387834f16f8ed933caa51026
The pip_install role is depended on by a lot of other roles, and
therefore sometimes gets processed prior to the pip_lock_down
role resulting in the pip, setuptools and wheels packages being
installed from a source other than the repo server once the repo
server is available. This is not the intended behaviour - the
repo server should always be a the primary source once it's
available.
This patch ensures that the pip_lock_down role is applied before
all the other dependent roles to ensure that the expected
behaviour is followed.
Change-Id: Ic283b08a00ac57c854fefd66589a326721fa9d93
* A conditional was added to the apt-package-pinning role
from meta was updated to only be run if the package
manager is apt
Change-Id: Ia0359872a52de8b1b8aeae9efa64479f9d930068
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This change makes it so that the OS_keystone role is an independent
role and can be installed / tested stand-alone.
Implements: blueprint independent-role-repositories
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This change simply enables fernet to be the default token backend
and disables the keystone memcached configuration for token storage.
Change-Id: I1037a7fce567e476f07a5d3c220379d656248160
Related-Bug: #1463569
This new role is now providing the ability for a user to pin apt
packages as they see fit. The idea is to allow someone to implement
pinning in a generic way that can be represented as a global variable
or as a hostvar. The new role has been added to all install roles as
a dependency which will allow it to ensure that packages are pinned
everywhere as would be expected.
Change-Id: I354e8515570fa7174366ba57d57aece3c304568e
This change implements the blueprint to convert all roles and plays into
a more generic setup, following upstream ansible best practices.
Items Changed:
* All tasks have tags.
* All roles use namespaced variables.
* All redundant tasks within a given play and role have been removed.
* All of the repetitive plays have been removed in-favor of a more
simplistic approach. This change duplicates code within the roles but
ensures that the roles only ever run within their own scope.
* All roles have been built using an ansible galaxy syntax.
* The `*requirement.txt` files have been reformatted follow upstream
Openstack practices.
* Dynamically generated inventory is now more organized, this should assist
anyone who may want or need to dive into the JSON blob that is created.
In the inventory a properties field is used for items that customize containers
within the inventory.
* The environment map has been modified to support additional host groups to
enable the seperation of infrastructure pieces. While the old infra_hosts group
will still work this change allows for groups to be divided up into seperate
chunks; eg: deployment of a swift only stack.
* The LXC logic now exists within the plays.
* etc/openstack_deploy/user_variables.yml has all password/token
variables extracted into the separate file
etc/openstack_deploy/user_secrets.yml in order to allow seperate
security settings on that file.
Items Excised:
* All of the roles have had the LXC logic removed from within them which
should allow roles to be consumed outside of the `os-ansible-deployment`
reference architecture.
Note:
* the directory rpc_deployment still exists and is presently pointed at plays
containing a deprecation warning instructing the user to move to the standard
playbooks directory.
* While all of the rackspace specific components and variables have been removed
and or were refactored the repository still relies on an upstream mirror of
Openstack built python files and container images. This upstream mirror is hosted
at rackspace at "http://rpc-repo.rackspace.com" though this is
not locked to and or tied to rackspace specific installations. This repository
contains all of the needed code to create and/or clone your own mirror.
DocImpact
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Closes-Bug: #1403676
Implements: blueprint galaxy-roles
Change-Id: I03df3328b7655f0cc9e43ba83b02623d038d214e