Remove the ansible.cfg file

The ansible.cfg file has been removed to allow a deployer to specify their own configurations without having to modify the ansible.cfg file within the playbooks directory. Change-Id: I94a8647edd04c21c34f7892f3179a8aa66548ed3 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-07-21 12:31:44 -05:00 · 2016-07-21 12:31:44 -05:00 · 423c409a67
commit 423c409a67
parent cebce0c020
7 changed files with 73 additions and 41 deletions
--- a/playbooks/ansible.cfg
+++ b/playbooks/ansible.cfg
@ -1,31 +0,0 @@
-[defaults]
-# Set the role path
-roles_path = /etc/ansible/roles:roles
-retry_files_enabled = False
-
-# Additional plugins
-lookup_plugins = /etc/ansible/roles/plugins/lookup
-filter_plugins = /etc/ansible/roles/plugins/filter
-action_plugins = /etc/ansible/roles/plugins/action
-
-library = /etc/ansible/roles/plugins/library
-
-# Fact caching
-gathering = smart
-gather_subset = !facter,!ohai
-fact_caching = jsonfile
-fact_caching_connection = /etc/openstack_deploy/ansible_facts
-fact_caching_timeout = 86400
-
-inventory = inventory
-host_key_checking = False
-
-# Set color options
-nocolor = 0
-
-# SSH timeout
-timeout = 6
-transport = ssh
-
-[ssh_connection]
-pipelining = True
--- a/playbooks/inventory/group_vars/all.yml
+++ b/playbooks/inventory/group_vars/all.yml
@ -244,8 +244,10 @@ openrc_region_name: "{{ service_region }}"
 # Docs: http://docs.openstack.org/developer/openstack-ansible-security/
 apply_security_hardening: true

+## Ansible ssh configuration
 ansible_ssh_extra_args: >
  -o UserKnownHostsFile=/dev/null
+  -o StrictHostKeyChecking=no
  -o ServerAliveInterval=64
  -o ServerAliveCountMax=1024
  -o Compression=no
--- a/releasenotes/notes/remove-ansible.cfg-e65e4f17bc30cce7.yaml
+++ b/releasenotes/notes/remove-ansible.cfg-e65e4f17bc30cce7.yaml
@ -0,0 +1,17 @@
+---
+features:
+  - Our general config options are now stored in an
+    "/usr/local/bin/openstack-ansible.rc" file and will
+    be sourced when the "openstack-ansible" wrapper is
+    invoked. The RC file will read in BASH environment
+    variables and should any Ansible option be set that
+    overlaps with our defaults the provided value will
+    be used.
+other:
+  - The in tree "ansible.cfg" file in the playbooks
+    directory has been removed. This file was making
+    compatibility difficult for deployers who need to
+    change these values. Additionally this files very
+    existance forced Ansible to ignore any other config
+    file in either a users home directory or in the
+    default "/etc/ansible" directory.
--- a/requirements.txt
+++ b/requirements.txt
@ -11,5 +11,6 @@ ndg-httpsclient>=0.4.2;python_version<'3.0' # BSD
 netaddr!=0.7.16,>=0.7.12 # BSD
 PrettyTable<0.8,>=0.7 # BSD
 pycrypto>=2.6 # Public Domain
+python-memcached>=1.56  # PSF
 PyYAML>=3.1.0 # MIT
 virtualenv # MIT
--- a/scripts/bootstrap-ansible.sh
+++ b/scripts/bootstrap-ansible.sh
@ -53,7 +53,7 @@ case ${DISTRO_ID} in
    centos|rhel)
        yum check-update
        yum -y install git python2 curl autoconf gcc-c++ \
-          python2-devel gcc libffi-devel openssl-devel python-requests \
+          python2-devel gcc libffi-devel nc openssl-devel python-requests \
          python-pyasn1 pyOpenSSL python-ndg_httpsclient \
          python-netaddr python-prettytable python-crypto PyYAML \
          python-virtualenv
@ -62,7 +62,7 @@ case ${DISTRO_ID} in
        apt-get update
        DEBIAN_FRONTEND=noninteractive apt-get -y install \
          git python-all python-dev curl python2.7-dev build-essential \
-          libssl-dev libffi-dev python-requests python-openssl python-pyasn1 \
+          libssl-dev libffi-dev netcat python-requests python-openssl python-pyasn1 \
          python-netaddr python-prettytable python-crypto python-yaml \
          python-virtualenv
        ;;
@ -130,6 +130,11 @@ if [ -f "${ANSIBLE_ROLE_FILE}" ]; then
  fi
 fi

+# Copy the OSA Ansible rc file into place
+if [[ ! -f "/usr/local/bin/openstack-ansible.rc" ]]; then
+  cp scripts/openstack-ansible.rc /usr/local/bin/openstack-ansible.rc
+fi
+
 # Create openstack ansible wrapper tool
 cat > /usr/local/bin/openstack-ansible <<EOF
 #!/usr/bin/env bash
@ -164,7 +169,7 @@ VAR1="\$(for i in \$(ls /etc/openstack_deploy/user_*.yml); do echo -ne "-e @\$i
 info "Variable files: \"\${VAR1}\""

 # Run the ansible playbook command.
-\$(which ansible-playbook) \${VAR1} \$@
+. /usr/local/bin/openstack-ansible.rc && \$(which ansible-playbook) \${VAR1} \$@
 EOF

 # Ensure wrapper tool is executable
--- a/scripts/gate-check-commit.sh
+++ b/scripts/gate-check-commit.sh
@ -70,7 +70,6 @@ iptables -P OUTPUT ACCEPT

 # Bootstrap an AIO
 pushd "$(dirname "${0}")/../tests"
-  sed -i '/\[defaults\]/a nocolor = 1/' ansible.cfg
  ansible-playbook -i test-inventory.ini \
                   -e "${BOOTSTRAP_OPTS}" \
                   ${ANSIBLE_PARAMETERS} \
@ -85,14 +84,11 @@ ln -sf /openstack/log "$(dirname "${0}")/../logs"

 pushd "$(dirname "${0}")/../playbooks"
  # Disable Ansible color output
-  sed -i 's/nocolor.*/nocolor = 1/' ansible.cfg
+  export ANSIBLE_NOCOLOR=1

-  # Create ansible logging directory and add in a log file entry into ansible.cfg
+  # Create ansible logging directory and add in a log file export
  mkdir -p /openstack/log/ansible-logging
-  sed -i '/\[defaults\]/a log_path = /openstack/log/ansible-logging/ansible.log' ansible.cfg
-
-  # Enable callback plugins
-  sed -i 's/^callback_whitelist.*/callback_whitelist = "profile_tasks,human_log"/g' ansible.cfg
+  export ANSIBLE_LOG_PATH="/openstack/log/ansible-logging/ansible.log"
 popd

 # Log some data about the instance and the rest of the system
--- a/scripts/openstack-ansible.rc
+++ b/scripts/openstack-ansible.rc
@ -0,0 +1,42 @@
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+export ANSIBLE_RETRY_FILES_ENABLED="${ANSIBLE_RETRY_FILES_ENABLED:-False}"
+
+export ANSIBLE_INVENTORY="${ANSIBLE_INVENTORY:-inventory}"
+
+export ANSIBLE_LOG_PATH="${ANSIBLE_LOG_PATH:-/openstack/log/ansible-logging/ansible.log}"
+export ANSIBLE_ROLES_PATH="${ANSIBLE_ROLES_PATH:-/etc/ansible/roles:roles}"
+
+export ANSIBLE_LIBRARY="${ANSIBLE_LIBRARY:-/etc/ansible/roles/plugins/library}"
+export ANSIBLE_LOOKUP_PLUGINS="${ANSIBLE_LOOKUP_PLUGINS:-/etc/ansible/roles/plugins/lookup}"
+export ANSIBLE_FILTER_PLUGINS="${ANSIBLE_FILTER_PLUGINS:-/etc/ansible/roles/plugins/filter}"
+export ANSIBLE_ACTION_PLUGINS="${ANSIBLE_ACTION_PLUGINS:-/etc/ansible/roles/plugins/action}"
+export ANSIBLE_CALLBACK_PLUGINS="${ANSIBLE_CALLBACK_PLUGINS:-/etc/ansible/roles/plugins/callback}"
+
+export ANSIBLE_GATHERING="${ANSIBLE_GATHERING:-smart}"
+export ANSIBLE_CACHE_PLUGIN="${ANSIBLE_CACHE_PLUGIN:-jsonfile}"
+export ANSIBLE_CACHE_PLUGIN_CONNECTION="${ANSIBLE_CACHE_PLUGIN_CONNECTION:-/etc/openstack_deploy/ansible_facts}"
+export ANSIBLE_CACHE_PLUGIN_TIMEOUT="${ANSIBLE_CACHE_PLUGIN_TIMEOUT:-86400}"
+
+if [[ "${ANSIBLE_CACHE_PLUGIN}" == "memcached" ]];then
+  if ! echo stats | nc -w 1 $(echo ${ANSIBLE_CACHE_PLUGIN_CONNECTION}|awk -F',' '{print $1}'|sed 's/:/ /') > /dev/null; then
+    export ANSIBLE_CACHE_PLUGIN="memory"
+  fi
+fi
+
+export ANSIBLE_HOST_KEY_CHECKING="${ANSIBLE_HOST_KEY_CHECKING:-False}"
+export ANSIBLE_TIMEOUT="${ANSIBLE_TIMEOUT:-5}"
+export ANSIBLE_TRANSPORT="${ANSIBLE_TRANSPORT:-ssh}"
+export ANSIBLE_SSH_PIPELINING="${ANSIBLE_SSH_PIPELINING:-True}"