With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I74cefdfa885fa26dd7199fd0798527f511bf329d
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: Ibe914d0d547b930b8167bfa475cc838df8d7ae25
For Centos, we use by default public repo for nginx. You can change this
behaviour with these role-wide variables:
- repo_centos_nginx_mirror
- repo_centos_nginx_key
Or with these osa-wide variables:
- centos_nginx_mirror
- centos_nginx_key
Change-Id: I8dcb3c97e9593877a4a420bd32b50ae29d9d311c
When using a custom repo with repo_centos_epel_mirror, you maybe need to
change the gpg key url because offline env
You can use this variable: repo_centos_epel_key
Change-Id: I9bb305d866f3d65653b95a25a5b9f5ecde5af0b0
The newer packages havee moved rsyncd into its own package called
rsync-daemon so we'll install that for anything newer than EL7.
Change-Id: Id1e8cc503d71cf6e7d0d84b5a74f6c3d7bce9393
It is no longer needed because of how we are using python_venv_build
at the moment, so let's remove it.
Depends-On: https://review.openstack.org/648477
Change-Id: I56531388fb49a8c3d098fd762392299742b0e120
In an environment with sudo and lsyncd not already installed the pre
install tasks try to set up config files before the config directories
exist, and the tasks fail.
This patch moves the sudo and lsyncd config tasks to run after the
distro packages have been installed.
In addition, sudo is added as a required distro package for the
repo server.
Change-Id: Iab09b732d63d007c1d638ec9dc35834e564e5ce5
The repo container's package cache causes quite a bit of confusion
given that it's a 'hidden' feature which catches deployers off-guard
when they already have their own cache configured. This is really
the kind of service which people should manage outside of OSA. It
also makes no sense if the deployer is using their own local mirror
which is a fairly common practise. Adding to that, it seems that it
is broken in bionic, causing massive delays in package installs.
Finally, it also adds to quite a bit of complexity due to the fact
that it's in a container - so in the playbooks prior to the container's
existence we have to detect whether it's there and add/remove the config
accordingly.
Let's just remove it and let deployers managing their own caching
infrastructure if they want it.
Change-Id: I829b9cfa16fbd1f9f4d33b5943f1e46623e1b157
For upgrades, and some new build configurations, trying to
create a new venv results in the error:
Could not get output from /usr/bin/virtualenv --help: Traceback (most recent call last):
File "/usr/bin/virtualenv", line 6, in <module>
from pkg_resources import load_entry_point
ImportError: No module named pkg_resources
To work around this issue, we do the initial build of the
venv using the CLI with the argument '--never-download'
so that virtualenv just uses the versions of pip, setuptools
and wheel that it already has.
Change-Id: I639bc78d34b640a52c32fa175b12fa958518e999
Given that the openstack_hosts role installs pip and virtualenv,
we do not need this extra meta-dependency and extra task/var.
Change-Id: Iac9f72586f6b26bd31d59a4fa5055687ff77f78b
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.
This should fix it.
Change-Id: Ib73373d8801c9eedd7c6e92b994a2fba0349ed90
With the removal of EPEL, we are selectively adding packages that
we need. This patch adds EPEL repositories only for lsyncd to
avoid conflicts and the NGINX upstream repositories for the web
server.
Change-Id: I832ae27570c5f35d01728a9e387fc451447b38ce
To cater for a situation where the pypiserver package is changing,
but the repo does not yet have the package built, we need to ensure
that the install task for it can fetch from pypi (or the designated
pypi mirror). To do this we try the local repo first, then fall back
to using the designated default index which defaults to pypi.
Change-Id: I1a2d36793fccc4c50f00247c8d19501ad8816517
The virtualenv_support folder missing from the repo
container when upgrading due to the implementation
in the repo_build role which removes it. In order
to prevent breaking the virtualenv tooling, [1] is
being submitted. However, we still need to handle
the situation where the upgrade is done from a
version before that patch is implemented.
This patch implements a force-reinstallation of
virtualenv if the folder is missing.
[1] https://review.openstack.org/540351
Change-Id: I2dcfa1abb46ee4e088dac7c9e77e9772ba8a269e
Closes-Bug: #1746935
This patch implements nginx as a reverse proxy for python
packages. The initial query will be to a local deployment
of pypiserver in order to serve any locally built packages,
but if the package is not available locally it will retry
the query against pypi and cache the response.
Depends-On: Id20a43fed833d53ca0f147f517deafba6587352d
Change-Id: Ic4fd64f4dc82121a65088f3d7f4ae53f373df608
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Instead of using the slower loop, pass the
list directly to the package task to do
them all at once.
Change-Id: Icb55b5852629e73ee927291cc136d1a6a479be9b
The update of the apt cache and the package installation
can all be handled in a single task by providing the
package action plugin with the right parameters. This
removes an extra task to optimise execution.
The minimum Ansible version is raised to 2.2 due to a
known bug [1] in Ansible's apt module which does not
update the cache properly if the cache update and the
install are combined in a single task.
[1] https://github.com/ansible/ansible-modules-core/issues/1497
Change-Id: I165479e62e921adb2a46fcbdb3b7c0118b2ef739
As EPEL is now deployed in the LXC cache and by the pip_install
role, this is no longer required.
This reverts commit 6106d6c4c9.
Change-Id: I2441f881059cd942345f4a01cbd82c643263010d
The recent changes to remove EPEL and install RDO broke keystone
since some packages from EPEL are still required. This patch
ensures that the repo_server role can install packages from EPEL if
needed.
Change-Id: I85c46a522a4302542645451b9c8279a8e951fd25
Related-bug: 1670012
Ansible 2.1.1 introduces a regression in the way conditional
includes are handled which results in every task in the
included file being evaluated even if the condition for the
include is not met. This extends the run time significantly
for a deployment.
This patch forces all conditional includes to be dynamic.
Change-Id: I66de661bf9f68a2d91e3a2fec9c1eee826c17592
Related-Bug: https://github.com/ansible/ansible/issues/17687
Separate files have been created for vars and tasks related to a
specific package manager.
The 'repo_apt_packages' variable has been deprecated and renamed to
the more generalized 'repo_server_packages' to better describe its
purpose and to simplify reuse of existing install tasks between multiple
distros.
git daemon is configured to host git repositories from the repo servers
using the git protocol.
Currently, openstack-ansible uses git over http to access repositories
on servers created by this role.
fcgiwrap and its configuration within nginx should be removed in a
follow-up patch after openstack-ansible has been updated to use the git
protocol.
Change-Id: I62321a7b62dabca469eb072ddbf4e8f250ce0fb3
The pip requirements in this role are not needed to stand up the
repo-server. Being that they're not required they should be removed.
The needed bits used to build the python wheels will be re-added to
the repo-build role where it can leverage the cloned upstream upper
constraints file from the openstack global requirements repo.
Change-Id: I16cd9c3b00b4bcf886da1d31c69d19f49c46969f
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Workarounding the upstream ansible apt module bug
documented here:
https://github.com/ansible/ansible-modules-core/pull/1517
For the next versions of ansible we'll be using, we should
check if the apt bug is fixed. When it's fixed, we could
abandon this change and use the standard apt module
with correct cache handling.
Change-Id: Iaff1eded0fd77ebfc69aca49b271ceaf719068a8