Commit Graph

102 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov d9df50f4e3 Retire pip_install role
As repo_build role has been successfully replaced with
python_venv_build role, we have no need in its further maintaining and
releasing.

Depends-On: https://review.opendev.org/717715
Change-Id: Ibf9ce1d602c5cfa9ed7431ca37de02df3335b36a
2020-04-06 14:27:00 +00:00
Logan V 2f586ab435 Fix bug finding pip install method
A fatal error results due to the install script search '.find' not existing
on the dict result of the install script check task. Instead the .find should
be searching the stdout key of the install script check task results dict.

I.e. .find() is a string search, not a dict search.

The following fatal error results when using .find() on the dict:

The conditional check 'pip_install_script.find('get-pip.py') != -1' failed.
The error was: error while evaluating conditional (pip_install_script.find('get-pip.py') != -1): 'dict object' has no attribute 'find'

Change-Id: I4b929d58057b3d249007fe7c563439ab65faf4ce
2018-12-02 13:59:11 -06:00
Jean-Philippe Evrard 039d884e29 Ensure get-pip cannot be modified
We don't ensure the permissions of the fetched file on the
download location. Sadly /tmp is a known place where users can
write files.

This is a problem, as a potential race condition could appear,
where get-pip is modifiable on /tmp/ folder by another user,
leading to privilege escalation.

Change-Id: I041db3412e228efe8a0d9a87f4cfba206482c729
2018-08-17 16:24:40 +00:00
Jesse Pretorius 79e3480a68 Allow the role to only configure pip, not install it
There are times when you may wish to just configure pip,
not install it. This adds a flag to enable that option.

Change-Id: Ibaa3c0b6b323f22dbd640562362106166bbc0a0a
2018-08-01 15:48:03 +01:00
Zuul 722470da02 Merge "Ensure the fallback uses the same install method" 2018-07-19 11:18:21 +00:00
Jean-Philippe Evrard b6024a9184 Ensure the fallback uses the same install method
We have a test to ensure the install method of pip is from distro
or get-pip. But if an issue appeared in the first task, the
fallback method will automatically fall back to get-pip instead
of falling back to the isolated version of the pre-defined CLI.

This should ensure consistency by not using get-pip if it's not
needed.

Change-Id: I7aa4056ffb9bc2162f0960e74b6458bcbffa141f
2018-07-19 12:19:53 +02:00
zhulingjie 97a930fbef Remove the unnecessary space
Change-Id: Id2c18c8e1f3d3e0268b6d2f2bc8722ff55d43739
2018-07-11 23:03:17 -04:00
Jean-Philippe Evrard 914fbc44cb Fix usage of "|" for tests
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.

This should fix it.

Change-Id: I950916695929d35dbf4606f4ef33f5ae559118c5
2018-07-12 17:02:41 +02:00
Markos Chandras fe5d99228b tasks: main: Fix conditional for PIP script
The conditional must search the 'stdout' item to find the string we
are looking for.

Change-Id: I469116ffbc11160122879b6f60800c63908fec0f
2018-05-24 08:41:15 +01:00
Markos Chandras 40373daf7e tests: Do not always fetch the get-pip.py script during tests
Since we are testing the idempotence of this role, we shouldn't
fetch the get-pip.py script on every iteration so we set the variable
to 'false'. Moreover, we bump the PIP version to 9.0.3 since this is
what is currently being deployed on the hosts. Finally, get-pip.py
uses --force-reinstall by default which means that everything is being
reinstalled all the time and this breaks idempotence. We can fix that by
simply checking if a suitable version of PIP is installed and then use
it to do a proper upgrade.

Change-Id: I998182eca9851d2cc745930fc73ca37bfefd0951
2018-04-20 13:50:21 +01:00
Matt Thompson 5a99262155 Specify defaults for pip_install_upper_constraints
If this role is run without having pip_install_upper_constraints set
then you'll get a failure stating that pip_install_upper_constraints is
undefined.

This patch simply adds the default filter when referencing
pip_install_upper_constraints, which seems to be the pattern used in
openstack-ansible's utility-install.yml playbook.

Change-Id: If1b68fb21e0eb8f2f8c33a6bec952c2972e3e5e3
2018-04-03 15:02:13 -04:00
Zuul f2e2d921a5 Merge "Use constraints with get-pip.py" 2018-04-02 15:26:53 +00:00
Logan V ff2b9fa21d Use constraints with get-pip.py
Presently no constraints are passed to get-pip.py when installing
pip, so we just receive the latest version of pip/setuptools/wheel
everywhere without respecting global-requirement-pins or any other
constraints.

To avoid this we'll pass pip_install_upper_constraints args to
get-pip.py by default.

Change-Id: I32603fd34b60183607c6bd9653c36432cbe6b07a
2018-04-02 15:06:38 +00:00
Jesse Pretorius 3133ee8384 Remove pip_required_pip_packages var and related tasks
The pip_required_pip_packages variable was introduced in
order to facilitate installing extra packages required
for SNI support. In Pike these extra package installs
were removed due to interference with distribution
packages installed, and the distro package installation
for this support was deemed better.

This variable and the related tasks therefore no longer
serve any function and should be removed.

Change-Id: I76fb9ae324ff69e8fc8b23f7b610d2aca48d0949
2018-03-11 08:59:11 +00:00
Jesse Pretorius f9d65b184f Remove pip_lock_to_internal_repo variable
The ability to lock the pip configuration down has
now been extended so that it is possible to implement
a different index and to use find-links to achieve the
same goal.

The only replacement implementation could be to disable
the setting of an index if one wanted to *only* use
wheels, but that is unnecessary in OSA builds as we are
able to set the build to only use a specific set of
wheels through the pypiserver on the repo container.

As such, this variable has become useless and unused.
This patch therefore removes it.

Change-Id: If472c845036ab904ffc15ca7201ae68d282c1be0
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
2018-02-18 15:49:16 +00:00
Major Hayden 13a52e2669 Change include: to include_tasks:
This removes the warnings in Ansible 2.4+.

The patch almost removes the "static:" argument which is no longer
used by Ansible.

Change-Id: I267a7cd17b0af7c1c59a166bb505875167b0ad81
2018-02-15 07:58:09 -06:00
Kevin Carter 0f18e40fb6 Set pip to use the pypi-server when locked down
The repo server now hosts a native pypi-server. This new server allows
us to use a native pip install instead of our existing "find-links"
approach. Moving to the native pypi server is not only faster, it is also
more scalable. This change augments our existing wheel lockdown by
setting the index to our new pypi-server and defining an online
constraint file in the pip.conf.

Additional checks have been set within the configuration task file so
that we're confirming pip can be locked down prior to setting the
pip.conf file which can, and will break a deployment if configured
incorrectly. These tasks will only fire when the option
`pip_lock_to_internal_repo` has been set to "true" making them a no-op
by default.

Change-Id: I2f9aaa1aecf7d03a833f60d483de364d6a6d64fa
Depends-On: Icc2ee264fc213b258642b5393dd78b1b26ef0542
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-02-10 11:13:35 -06:00
Jean-Philippe Evrard a6216fa4a8 Cleanup pip install role
With the change in openstack_hosts repo, we can remove
duplications in the pip_install role.

Depends-On: I541287f906a143ed79553c69e1a9e39ee38dc8dc
Change-Id: I1afc143579689a690eddbbf2423a4cd0501f9688
2017-12-01 03:22:36 +00:00
Zuul e036e6d1cc Merge "Add ability to disable implementing pip.conf" 2017-11-28 13:54:32 +00:00
Jesse Pretorius 5f566318d5 Add ability to disable implementing pip.conf
On something like the repo server we do not want to
change the default pip settings so that we allow
the global pip.conf or default pip settings to do
the right things.

Change-Id: I7bd31f2d89d3fe9d48e32c79ddef7a8ef1392eb7
2017-11-24 16:53:48 +00:00
Jesse Pretorius 4e7e23f6e9 Remove selfcheck.json
The file selfcheck.json has no discernable purpose,
so it is removed. The file pip-selfcheck.json is
automatically created by pip and used to track
when last it checked if it's on the latest version.

The tags implemented in the role are also corrected
to ensure that the placement of the pip.conf file
is considered a 'config' task, not an 'install'
task. The sub-tags are removed as they are unnecessary.

Change-Id: I53ad3a9c50071a34286f2351f5f245f272c07638
2017-11-24 16:48:02 +00:00
Guoqiang Ding 58c5209b70 Add retry on the step of installing repo key
This task sometimes fails. Add a retry to ensure it passes.

Change-Id: I1b838b3c4de50acd4dec0e338bf9815116f7e118
Closes-Bug: #1732626
2017-11-16 16:53:54 +08:00
Major Hayden 132c6c15e5 Copy RPM keys into correct place
This patch copies the RPM keys into /etc/pki/rpm-gpg/ and
maintains their original names. This should allow the LXC
cache process to copy over the keys.

Depends-On: Icfd7e2b110541f85bf98efc384a9698dbbbd9682
Change-Id: I8acf7237c1bcbf7dc98d08aa5907972b69574bba
2017-10-26 12:09:23 +00:00
Jean-Philippe Evrard 8d8a578280 Vendor in the RDO GPG keys to install
This way we avoid all networking failures.

Change-Id: I07b04301629e3b2a176c210ed7989f8d699b7e8c
2017-10-25 15:55:39 +00:00
Major Hayden 9372b42afa Use sks-keyservers GPG server as primary
This patch switches the order of keyservers since the
sks-keyservers server is more reliable than CentOS'
default.

Closes-Bug: 1723440
Change-Id: I9e18e518cf2baeb52f01531b96811cb1e4393cbc
2017-10-13 09:20:35 -05:00
Major Hayden eb1b745781 Fix missing space in RPM command
This patch fixes a missing space in the RPM command that
imports GPG keys.

Change-Id: Ib8cd28138f1c9ab446e50cf9076edbdfdee1f2c7
2017-09-25 16:24:44 -05:00
Jenkins e6d1ef46b7 Merge "Remove unneeded task" 2017-09-20 13:45:15 +00:00
Jimmy McCrory 7a2e2becb1 Remove unneeded task
The task to remove extra files and directories that the pip_install role
used to deploy has been included in the Pike release and was backported
through Newton. They definitely shouldn't exist in Queens and the task
to remove them shouldn't be required any more.

Change-Id: Ib514097f15a7560a5292798f8c0821f6a31c51c5
2017-09-19 15:13:00 -07:00
Major Hayden a32869fc32 Optimize pip_install for CentOS
This patch does quite a few things to improve the performance of the
CentOS tasks:

1) Configures RDO repos as repositories rather than reinstalling an
   RPM each time.
2) GPG keys are only installed if they're needed.
3) Yum repo configs are carefully modified if they already exist
   which avoids removing deployer configurations.
4) Repo priorities are now set in one shot.

Change-Id: I0fe7f7ee0a9b580280c59f950277d2b9474e4210
2017-09-19 11:20:47 -05:00
Jenkins 26a5868fff Merge "Flatten the role task includes" 2017-09-15 19:36:39 +00:00
Major Hayden d9ba18ec6a Keep yum repo cache
This patch ensures that the yum repo cache is kept and not
redownloaded constantly.

Change-Id: I30f8b941fec6909a4b9a90dfc24586ff514eb62c
2017-09-14 16:57:22 -06:00
Jesse Pretorius 6d60482158 Flatten the role task includes
Currently there are several layers to work through
when following what happens in the role. This is
confusing and somewhat frustrating.

This patch hopefully reduces the layers to a more
sane set.

Change-Id: I5f1a8c8465fa27b01342315dac5db0046cfb2e18
2017-09-13 15:09:21 +00:00
Jenkins 75ee1e18e5 Merge "Use RDO Pike repository" 2017-09-07 16:41:24 +00:00
Markos Chandras 0544c622b2 SUSE: Add ability to configure external mirror for openSUSE
Allow deployers to choose a specific mirror by setting the
'pip_install_opensuse_mirror_url' variable

Change-Id: I4f4cc284ab7d1c3378e01737f9fade3afe251824
2017-09-07 10:22:44 +01:00
Major Hayden fabe518a67 Use RDO Pike repository
This patch switches CentOS over to the new Pike RDO repository.

Closes-Bug: 1715239
Change-Id: I359c214e9b5d0d31b0b84d4d74d2d8bc0f872f8a
2017-09-05 15:48:24 -05:00
Major Hayden 3500a26919 Allow override of RDO repo baseurl
This patch allows deployers to set pip_install_centos_mirror_url
and override the default RDO repository (mirrors.centos.org).

Change-Id: I7b0dd5d14c82a74be955071e638c122ffb45ab31
2017-08-21 07:35:28 -05:00
Major Hayden a4209580d9 Rename package install task
The majority of the other roles use "Install distro packages"
as the name for the package installation task. This patch renames the
task in the pip_install role to match.

This will help when we try to profile the CI jobs to see which tasks
are taking the longest time to complete.

Change-Id: I353a4da01d7f99ccc33d9a0e4a494e9b43438da4
Signed-off-by: Major Hayden <major@mhtx.net>
2017-08-07 14:50:41 -05:00
Major Hayden 86baf71d79 Add dnf support
This patch adds dnf support on CentOS without impacting existing
deployments that use yum.

Implements: blueprint centos-and-dnf
Change-Id: Ie583562b3c671389297ed5b0d5627f1b72ca286e
2017-08-02 11:22:04 -05:00
Jesse Pretorius (odyssey4me) 89374c70bb Revert "Make initial pip install use constraints"
This reverts commit 35809a2fff.

Unfortunately this is trying to force a downgrade for
gating which results in failures. I'll need to re-work
this to do things a little differently.

Change-Id: I8d29d5f17c87cfd88847734ab9d96354b7f1706d
2017-07-20 13:31:06 +00:00
Jesse Pretorius 35809a2fff Make initial pip install use constraints
The get-pip script allows the use of constraints now,
so to provide the maximum protection we should use
it. This also reduces one of the places where we need
to do package pinning.

Change-Id: I4618615b84618401359b5c5c6f51512e6c9a697e
2017-07-14 14:28:45 +01:00
Markos Chandras 26432f4f95 SUSE: Add the Cloud:OpenStack:Ocata repository
The OBS Cloud:OpenStack:Ocata repository contains most of the necessary
packages to deploy an OpenStack cloud so it's best to have it installed
as soon as possible.

Change-Id: I131558011d056da63f03a6e7d8276d93c594c9aa
2017-06-06 15:16:48 +01:00
Jesse Pretorius dcb5c7548a Clean up extra tags
Change-Id: Ia4b15547ccb261f46fcf7552e33e23fdd3a561c8
2017-05-04 07:27:26 +01:00
Jesse Pretorius 843673591f Ensure that all repos are configured properly
It appears that yum-config-manager does not properly
configure all the repositories reliably when trying
to give it a bunch of them to do at once.

This patch sets each repo to be enabled and have the
priority set one at a time.

Change-Id: Ia56d7344572a0addfd4fd5c93832dc66f630e93d
2017-05-03 15:15:38 +01:00
Jenkins 1db27456b9 Merge "Pass list for package install" 2017-04-25 11:08:02 +00:00
Marc Gariepy 0aac130373 CentOS make sure epel is enabled.
Change-Id: I184b5f6dfc136da2080ad6336f7e7debe91b6dce
2017-04-24 14:57:20 -04:00
Major Hayden 1a9f2124ef Pass list for package install
Ansible 2.x allows for packages to be passed as a list directly to
the `name` argument. This patch moves the EPEL packages into a list
and converts all package install tasks to pass a list directly
rather than looping over a list with with_items.

This should speed things up a bit. ;)

Change-Id: I0c185ad9d2a69f5625309d77a30536d2d373b2b5
2017-04-24 07:44:06 -05:00
Jesse Pretorius 508ed6aaa2 Optimise apt cache update task
The update of the apt cache and the package installation
can all be handled in a single task by providing the
package action plugin with the right parameters. This
removes an extra task to optimise execution.

The minimum Ansible version is raised to 2.2 due to a
known bug [1] in Ansible's apt module which does not
update the cache properly if the cache update and the
install are combined in a single task.

[1] https://github.com/ansible/ansible-modules-core/issues/1497

Change-Id: I281016d1e836705afec1579192647ed7c6a7e7cd
2017-04-21 16:55:14 +01:00
Markos Chandras f5cd194ad6 SUSE: Add missing pre_install_zypper file for SUSE
Add missing pre_install_zypper file to SUSE which is required
by the pre_install.yml play. This also renames the SUSE variables
file to suse-42.yml to match the rest of the distributions.
Finally, the run_tests.sh, Vagrantfile and bindep.txt files are
synced with the openstack-ansible-tests repository.

Change-Id: I2fb733f5818098486e26ca7fb2ac015f02e3aa44
2017-04-10 23:16:25 +01:00
Jimmy McCrory 289531e46b Enable idempotence test
Tasks involved in the online install of pip have been made idempotent
and the idempotence test has been enabled.

The selfcheck.json file will only be written if it does not already
exist. Blocks have been added to tasks that have a fallback if they
fail. Tasks that run commands to install or download pip packages now
check stdout for success messages to determine if they should be marked
changed.

Change-Id: I0d440efd4d95420f6f43316f5e0242b8884293c8
2017-04-05 12:19:20 -07:00
Jesse Pretorius 793ae4d013 Resolve user_external_repo deprecation warnings
Warnings about 'user_external_repo_keys_list' and
'user_external_repos_list' being undefined are
confusing.

Closes-Bug: #1670021
Change-Id: I2fe78300dd04066515f4c5b175d56cc1a6628c9d
2017-03-29 11:37:48 +00:00