From fa06dcd37b88822eda11346ed280c5c5b221bdb3 Mon Sep 17 00:00:00 2001
From: Eduardo Gonzalez <dabarren@gmail.com>
Date: Tue, 19 Sep 2017 08:23:50 +0100
Subject: [PATCH] Fix ci gate failure

This patch includes three unrelated fixes.

Make qemu use nova user in centos
Libvirt 3.2.0 (latest version in centos) seems to
have changed behavior of dynamic_ownership.

Pin ansible to <2.4 to make ara work in gates
ARA does not work yet with ansible 2.4, this change
pins to lower version to make gates work.
Revert once ara works with 2.4

Disable selinux for oraclelinux and centos.

Co-Authored-By: wanghongxu <wang19930902@gmail.com>
Co-Authored-By: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Change-Id: Iac8bec19437192cd198d58f71c6ed0a65a76f820
Closes-bug: #1718541
---
 ansible/roles/baremetal/defaults/main.yml      | 2 ++
 ansible/roles/baremetal/tasks/post-install.yml | 9 +++++++++
 ansible/roles/nova/templates/qemu.conf.j2      | 9 +++++----
 tools/setup_gate.sh                            | 2 +-
 4 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml
index a62df02ec5..8b19e3e0ee 100644
--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@@ -11,6 +11,8 @@ create_kolla_user: True
 
 enable_host_ntp: True
 
+disable_selinux: True
+
 docker_storage_driver: ""
 
 debian_pkg_install:
diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml
index 64fc6f3a5f..653e7b65f7 100644
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@@ -104,6 +104,15 @@
     - ansible_os_family == "RedHat"
     - enable_host_ntp | bool
 
+- name: Disable selinux
+  selinux:
+    policy: target
+    state: permissive
+  become: true
+  when:
+    - disable_selinux | bool
+    - ansible_os_family == "RedHat"
+
 - name: Reboot
   command: reboot -f
   become: True
diff --git a/ansible/roles/nova/templates/qemu.conf.j2 b/ansible/roles/nova/templates/qemu.conf.j2
index 0f75244e4b..1127ef0a2b 100644
--- a/ansible/roles/nova/templates/qemu.conf.j2
+++ b/ansible/roles/nova/templates/qemu.conf.j2
@@ -1,12 +1,13 @@
 stdio_handler = "file"
 
-{% if kolla_base_distro == "ubuntu" %}
+{% if kolla_base_distro in ['ubuntu', 'centos', 'oraclelinux']%}
 # TODO: this workaround need to be fixed in Pike
-# Ubuntu cloud archive released libvirt-bin version 2.5.0 which runs vms as
-# libvirt-qemu user. This locks access to nova created files for vms which
-# have permissions 722 for nova user. We need to force qemu to use this user
+# libvirt-bin latest version which runs vms as libvirt-qemu user.
+# This locks access to nova created files for vms which have
+# permissions 722 for nova user. We need to force qemu to use this user
 # to be able to access vm files.
 # see https://bugs.launchpad.net/kolla-ansible/+bug/1668654
+# see https://bugs.launchpad.net/kolla/+bug/1718541
 user = "nova"
 group = "nova"
 {% endif %}
diff --git a/tools/setup_gate.sh b/tools/setup_gate.sh
index 76a8bf7b8e..20db357e90 100755
--- a/tools/setup_gate.sh
+++ b/tools/setup_gate.sh
@@ -126,7 +126,7 @@ function setup_ansible {
     mkdir /tmp/kolla
 
     # TODO(SamYaple): Move to virtualenv
-    sudo -H pip install -U "ansible>=2" "docker>=2.0.0" "python-openstackclient" "python-neutronclient" "ara"
+    sudo -H pip install -U "ansible>=2,<2.4" "docker>=2.0.0" "python-openstackclient" "python-neutronclient" "ara"
     detect_distro
 
     setup_inventory