21 Commits

Author SHA1 Message Date
Ian Wienand
439da9ec02 openafs-client: ensure latest package and reorder install
We've noticed that openafs was not getting upgraded to the PPA version
on one of our opendev.org mirrors.  Switch install of packages to
"latest" to make sure it upgrades (reboots to actually apply change
unresolved issue, but at least package is there).

Also, while looking at this, reorder this to install the PPA first,
then ensure we have the kernel headers, then build the openafs kernel
modules, then install.  Add a note about having to install/build the
modules first.

Change-Id: I058f5aa52359276a4013c44acfeb980efe4375a1
2019-07-03 06:51:09 +10:00
Ian Wienand
36d9687b4a Use openstack-ci-core PPA for openafs 1.8.3
This ppa has openafs 1.8.3 for Bionic hosts

Change-Id: I26dc2f3f1a14cf59a4b132c53b4738ed4d9919f8
2019-06-17 15:56:09 +10:00
Zuul
9867d6c6bb Merge "Update to ansible-lint 4.1.0" 2019-06-11 01:48:18 +00:00
James E. Blair
3199e3b225 Enable SPF checking on lists
This requires an external program and only works on Debian hosts.

Newer versions of exim (4.91) have SPF functionality built-in, but
they are not yet available to us.

Change-Id: Idfe6bfa5a404b61c8761aa1bfa2212e4b4e32be9
2019-06-07 10:34:33 -07:00
Ian Wienand
52780440ff Update to ansible-lint 4.1.0
In a follow-on change (I9bf74df351e056791ed817180436617048224d2c) I
want to use #noqa to ignore an ansible-lint rule on a task; however
emperical testing shows that it doesn't work with 3.5.1.  Upgrading to
4.1.0 it seems whatever was wrong has been fixed.

This, however, requires upgrading to 4.1.0.

I've been through the errors ... the comments inline I think justify
what has been turned off.  The two legitimate variable space issues I
have rolled into this change; all other hits were false positives as
described.

Change-Id: I7752648aa2d1728749390cf4f38459c1032c0877
2019-06-06 22:13:12 +00:00
Ian Wienand
d5b321b074 Handle moved puppet repos
As per [1], it seems puppet has "cleaned up" most of the packages we
are using to install.

Install the puppet-agent packages directly as puppet's archive location
is not a valid repo. With puppet 4 at least these packages should bundle
everything we need including ruby.

[1] https://groups.google.com/forum/#!msg/puppet-users/cCsGWKunBe4/OdG0T7LeDAAJ

Depends-On: https://review.opendev.org/659384
Depends-On: https://review.opendev.org/659395
Change-Id: Ie9e2b79b42f397bddd960ccdc303b536155ce123
2019-05-15 16:03:07 -07:00
OpenDev Sysadmins
1ee61397a3 OpenDev Migration Patch
This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.
2019-04-19 19:26:05 +00:00
Ian Wienand
72b4b868ab Skip installing puppetlabs repos if they exist
Currently ansible fails on most puppet4 hosts with

 TASK [puppet-install : Install puppetlabs repo] ********************************
 fatal: [...]: FAILED! => {"changed": false, "msg": "A later version is already installed"}

As described inline, the version at the "top level" we are installing
via ansible here is actualy lower than the version in the repo this
package installs (inception).  Thus once an upgrade has been run on
the host, we are now trying to *downgrade* the puppetlabs-release
package.  This stops the ansible run and makes everything unhappy.

If we have the puppet repo, just skip trying to install it again.

We do this for just trusty and xenial; at this point we don't have any
puppet5 hosts (and none are planned) and I haven't checked if it has
the same issues.

Change-Id: I55ea8bfbfc40befb1d138e9bc0f95b120f8f5dbd
2019-04-09 18:30:13 +10:00
Clark Boylan
0269710c86 Don't manage puppet.conf during puppet-install
The ansible-role-puppet role manages puppet.conf for us. These two roles
are currently fighting each other over the presence of the server line
in puppet.conf. Avoid this by removing the removal of this line and the
templatedir line from the new puppet-install role since
ansible-role-puppet was there first. Basically just trust
ansible-role-puppet to write a working puppet.conf for us.

Change-Id: Ifb1dff31a61071bd867d3a7cc3cbcc496177e3ce
2019-04-08 10:09:35 -07:00
Monty Taylor
68329470fa
Use include_tasks instead of include
They're the same, basically, but include tasks is clearer.

Change-Id: Ia03b8eb2b3e17b421fd5a178b0d9907cc71ebcae
2018-09-20 09:08:55 -05:00
Zuul
97319f0cd8 Merge "roles/kerberos-client: fix defaults" 2018-09-12 21:03:05 +00:00
Zuul
21a81de59f Merge "Don't use loops with package task" 2018-08-30 20:53:32 +00:00
Ian Wienand
faa6207e8c roles/kerberos-client: fix defaults
During review these variable names changed, but I didn't update the
defaults.

Change-Id: I825a738abe67b7e329421df3389ad2ed9137eec0
2018-08-29 15:34:06 +10:00
Paul Belanger
17a8a70643 Don't git clone system-config in puppet-install
Talking to clarkb, it was decided we can remove this logic in favor of
having ansible-role-puppet push system-config and modules to the remote
nodes.

Change-Id: I59b8a713cdf2b4c1fede44e977c49be5e8cc08fa
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2018-08-28 19:28:48 -04:00
Paul Belanger
30c2e03281 Don't use loops with package task
We can directly pass a list of packages to the package task in ansible,
this will help save us some times on run times.

Change-Id: I9b26f4f4f9731dc7d32186584620f1cec04b7a81
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2018-08-28 18:32:42 -04:00
Ian Wienand
ee7faefe08 Create ansible roles to install puppet
Currently our puppet-requiring hosts (all !bridge) do not manage their
puppet installs.  This is OK for existing servers, but new servers
come up without puppet installed.

This is playbooks to manage puppet installs on hosts.  It is mostly a
port of the relevant parts of ./install_puppet.sh for our various
control-plane platforms.

Basic testing with zuul-integration jobs is added.  Using this in the
control-plane base.yaml playbooks will be a follow-on.

Change-Id: Id5b2f5eb0f1ade198acf53a7c886dd5b3ab79816
2018-08-28 16:42:45 +10:00
Zuul
4bd5095f37 Merge "Scope exim service name variable" 2018-08-27 14:53:04 +00:00
James E. Blair
3bc18bc705 Scope exim service name variable
This is used in a handler which may be run after intervening roles;
ensure it has a unique variable name.

Change-Id: I6a3d856d3252ff62220d9769232e31ea7c4f9080
2018-08-24 17:05:03 -07:00
Ian Wienand
801e7c9bd0 Add openafs-client role
The role sets up a host as an OpenAFS client.

As noted in the README, OpenAFS is not available in every
distribution, or on every architecture.  The goal is to provide
sensible defaults but allow for flexibility.

This is largely a port of the client parts of
openstack-infra/puppet-openafs.

This is a generic role because it will be used from Zuul jobs
(wheel-builds) and in the control-plane (servers mounting AFS)

Tested-By: https://review.openstack.org/589335
Needed-By: https://review.openstack.org/590636
Change-Id: Iaaa18194baca4ebd37669ea00505416ebf6c884c
2018-08-23 21:34:47 +10:00
Ian Wienand
1939f3e8ec Move exim role to top-level
Move the exim role to be a "generic" role in the top-level roles/
directory, making it available for use as a Zuul role.

Update the linters jobs to look for roles in the top level

Update the Role documentation to explain what the split in roles is
about.

Change-Id: I6b49d2a4b120141b3c99f5f1e28c410da12d9dc3
2018-08-23 21:34:47 +10:00
Ian Wienand
e3da2c2e3e Add kerberos-client role
A role to setup a host as a kerberos client

This is largely a port of the client ports of
openstack-infra/puppet-kerberos.

This is a generic role because it will be used from Zuul jobs
(wheel-builds) and in the control-plane (servers mounting AFS)

Tested-By: https://review.openstack.org/589335
Needed-By: https://review.openstack.org/590636
Change-Id: I4b38ea7ec2325071a67068555ef47e15d559c18e
2018-08-23 21:34:47 +10:00