Merge "Install uWSGI from PyPI to repair CentOS 8 support"

2020-06-05 09:27:27 +00:00 · 2020-06-05 09:27:27 +00:00 · 11cd5b008c
commit 11cd5b008c
parent 506608c575 8593f2378b
10 changed files with 62 additions and 12 deletions
--- a/playbooks/roles/bifrost-keystone-install/defaults/required_defaults_Debian_family.yml
+++ b/playbooks/roles/bifrost-keystone-install/defaults/required_defaults_Debian_family.yml
@ -14,7 +14,3 @@ required_packages:
  - libssl-dev
  - libxml2-dev
  - nginx
-  - uwsgi
-  - uwsgi-core
-  # - python-django-uwsgi - This may not be needed
-  - uwsgi-plugin-python
--- a/playbooks/roles/bifrost-keystone-install/defaults/required_defaults_RedHat_family.yml
+++ b/playbooks/roles/bifrost-keystone-install/defaults/required_defaults_RedHat_family.yml
@ -15,10 +15,10 @@ required_packages:
  - python3-devel
  - python3-PyMySQL
  - python3-iniparse
+  - python3-libselinux
+  - python3-policycoreutils
  - libffi-devel
  - libxslt-devel
  - openssl-devel
  - libxml2-devel
  - nginx
-  - uwsgi
-  - uwsgi-plugin-python3
--- a/playbooks/roles/bifrost-keystone-install/defaults/required_defaults_Suse_family.yml
+++ b/playbooks/roles/bifrost-keystone-install/defaults/required_defaults_Suse_family.yml
@ -6,6 +6,7 @@ mysql_service_name: mysql
 required_packages:
  - python-selinux
  - mariadb
+  - policycoreutils-python
  - python-devel
  - python-MySQL-python
  - python-iniparse
@ -14,5 +15,3 @@ required_packages:
  - libopenssl-devel
  - libxml2-devel
  - nginx
-  - uwsgi
-  - uwsgi-python
--- a/playbooks/roles/bifrost-keystone-install/defaults/required_defaults_Ubuntu.yml
+++ b/playbooks/roles/bifrost-keystone-install/defaults/required_defaults_Ubuntu.yml
@ -13,7 +13,3 @@ required_packages:
  - libssl-dev
  - libxml2-dev
  - nginx
-  - uwsgi
-  - uwsgi-core
-  # - python-django-uwsgi - This may not be needed
-  - uwsgi-plugin-python3
--- a/playbooks/roles/bifrost-keystone-install/files/keystone_policy.te
+++ b/playbooks/roles/bifrost-keystone-install/files/keystone_policy.te
@ -0,0 +1,11 @@
+module keystone_policy 1.0;
+
+require {
+	type var_run_t;
+	type httpd_t;
+	class sock_file write;
+}
+
+#============= httpd_t ==============
+
+allow httpd_t var_run_t:sock_file write;
--- a/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml
+++ b/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml
@ -284,3 +284,30 @@
 - name: "Remove uwsgi sysvinit init script"
  command: update-rc.d -f uwsgi remove
  ignore_errors: yes
+
+- block:
+    - name: "Explicitly allow keystone port (TCP) on selinux"
+      seport:
+        ports: "5000"
+        proto: tcp
+        setype: http_port_t
+        state: present
+
+    - name: Copy keystone policy file to temporary directory
+      copy:
+        src: keystone_policy.te
+        dest: /tmp/keystone_policy.te
+
+    - name: Check keystone policy module
+      command: checkmodule -M -m -o /tmp/keystone_policy.mod /tmp/keystone_policy.te
+
+    - name: Package keystone policy module
+      command: semodule_package -m /tmp/keystone_policy.mod -o /tmp/keystone_policy.pp
+
+    - name: Include keystone policy module
+      command: semodule -i /tmp/keystone_policy.pp
+
+    - name: Enable keystone policy module
+      command: semodule -e keystone_policy
+  when: (ansible_os_family == 'RedHat' or ansible_os_family == 'Suse') and
+         ansible_selinux.status == 'enabled' and ansible_selinux.mode == "enforcing"
--- a/playbooks/roles/bifrost-keystone-install/tasks/install.yml
+++ b/playbooks/roles/bifrost-keystone-install/tasks/install.yml
@ -45,6 +45,14 @@
    - skip_install is not defined
    - enable_venv | bool == true

+- name: "Install uWSGI in venv if using"
+  include: pip_install.yml
+    package=uWSGI
+    virtualenv=bifrost_venv_dir
+  when:
+    - skip_install is not defined
+    - enable_venv | bool == true
+
 - name: "Install python-openstackclient in venv if using"
  include: pip_install.yml
    package=python-openstackclient
--- a/releasenotes/notes/centos-keystone-acad21e70153067d.yaml
+++ b/releasenotes/notes/centos-keystone-acad21e70153067d.yaml
@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    Fixes installing Keystone under CentOS 8.
--- a/zuul.d/bifrost-jobs.yaml
+++ b/zuul.d/bifrost-jobs.yaml
@ -109,6 +109,13 @@
    parent: bifrost-integration-tinyipa
    nodeset: centos-8

+- job:
+    name: bifrost-integration-tinyipa-keystone-centos-8
+    parent: bifrost-integration-tinyipa
+    nodeset: centos-8
+    vars:
+      enable_keystone: true
+
 - job:
    name: bifrost-integration-tinyipa-debian-buster
    parent: bifrost-integration-tinyipa
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@ -10,6 +10,7 @@
        - bifrost-integration-tinyipa-ubuntu-bionic
        - bifrost-integration-tinyipa-centos-8
        - bifrost-integration-tinyipa-keystone-ubuntu-bionic
+        - bifrost-integration-tinyipa-keystone-centos-8
        # Non-voting jobs
        - bifrost-integration-tinyipa-opensuse-15:
            voting: false
@ -36,3 +37,4 @@
        - bifrost-integration-tinyipa-ubuntu-bionic
        - bifrost-integration-tinyipa-centos-8
        - bifrost-integration-tinyipa-keystone-ubuntu-bionic
+        - bifrost-integration-tinyipa-keystone-centos-8