When running bootstrap-aio.sh twice with latest ansible runs OR when
providing your own resolvers from inside a unicode file, the
lxc_cache_resolvers will be generated as this:
lxc_cache_resolvers: [u'nameserver1',u'nameserver2']
This commit fixes this behaviour, and allow provided lxc_cache_resolvers
into CLI, from a file, or generated from hosts (when not set).
Change-Id: I6cb34e1a922d374ddccc37fd7bf0fd5ff9e14b88
Signed-off-by: Jean-Philippe Evrard <jean-philippe@evrard.me>
To speed up an AIO build when *not* executed in the OpenStack-CI gate,
this patch determines the fastest available wheel mirror and includes
it as an extra pip index.
This speeds up the repo build process by ensuring that the wheels do
not need to be built locally, but can simply be downloaded from the
mirror.
The patch also includes some clean up which was left out of
I73fa1db5210f02d6df9dc324f8b4ec21232d06ba relating to apt conf files.
Change-Id: I56f7c8520cc6cec74df5ca8611d988039184efbb
With the implementation of I420382fd3bbbb5fcae90ae0c6160233202a1a51a
the container cache apt configurations are no longer used or
necessary.
This patch removes them.
Change-Id: I73fa1db5210f02d6df9dc324f8b4ec21232d06ba
This patch adds the initial support for the ironic role in
openstack-ansible, but leaves ironic unconfigured and not
installed by default.
Configuration, including Nova configuration, will be addressed in
subsequent patches.
Change-Id: Id9f01deb5c46ee2186b9c41c7f88205560b5f437
Depends-On: Ide66c7ee59192ac441ac2919028eca0ad665ceea
Depends-On: I590f5ade90b3e37af7f1b8ee333000d4f993f8c5
Partially-implements: blueprint role-ironic
Signed-off-by: Michael Davies <michael@the-davies.net>
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This is to avoid IP clashes between instances and the host. In an AIO
scenairo the host br-vlan bridge has 172.29.248.100 which is within the
cidr allocated to instances. This patch specifies an allocation pool:
172.29.249.110-172.29.249.200 which doesn't conflict with any
statically allocated IPs in the AIO config.
Change-Id: If330c94025dd21229a34aa03d1ca3a75b3a3ea8c
Informal-Dependency: Ia58a6447ef28ba5d4ae2a2ac769ad0cc287f448d
Partial-Bug: #1564491
OpenStack-CI implements a global pip configuration which configures
the use of the OpenStack pypi and wheel mirrors.
This patch implements a check for a global pip configuration file,
then adds this file to the list of files to be copied into the
container cache so that all containers have the configuration.
While most containers end up with a localised pip configuration
which locks them down to the repo server (which will ignore the
glocal config), this is very useful for the repo server which
does not get locked down.
Change-Id: I1058b68f2281c5152fcd4b880fa21121716bc05c
In I02b69cf5985e8788513db58f7e8015f8135b9d58 the Glance Store
for Swift was appropriately configured to work with the Keystone
v3 API and in the new expected way for the Glance Swift Store to
be configured for Mitaka.
This patch returns the default AIO to use Swift as the backing
store for Glance.
Change-Id: Iec233f990bd032fb29f633d74137c29bc89f63f5
Closes-Bug: #1561947
Add the var bootstrap_host_mongodb_users to allow the MongoDB user
creation tasks in the bootstrap-host role to be skipped using the
BOOTSTRAP_OPTS environment variable defined in the script
bootstrap-aio.sh.
The default value for bootstrap_host_mongodb_users is the value of
bootstrap_host_mongodb_service.
Without this change setting bootstrap_host_mongodb_service=no causes the
bootstrap-host role to fail on the task 'Add ceilometer database user'.
Change-Id: Iab30ed29f1bc1a922e5adf89b1057c598ec067e3
This patch includes updates of all SHA's and pip, wheel and setuptools
pins.
Due to Bug #1561947, the backend glance store has been changed from swift
to file in the AIO gate. This has been done becuase the glance store project
has an issue with session that causes it to be incompatible with swift. Being
that the master integration gate is depending on this change to go it is
needed to temporarily disable the swift image store in glance until this issue
is fixed.
The branch updater sciprt was modified to search for and update roles if they're
found within the default or user provided role path. This change is resolving
bash errors that happen when the script is run in mitaka+.
Related-Bug: 1561947
Change-Id: I2e09e3e0abb61f5e97e2af7b283f0aed6dadd853
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
All of the group, host and container mapping per service that
it used to do has since been refactored into per-service files
in the etc/openstack_deploy/env.d directory.
Removing this file, the accompanying documentation and the
logic within the dynamic inventory script should help remove
some complexity for deployers and project maintainers.
Change-Id: Ie8bedca2ca047ebddac32189e85cb201601d068c
This patch ensures that if the host is set to bootstrap with a different
set of components to the default, all containers will have the same set
of components.
Change-Id: I280ea0fc200450e5e4fc3147dbee353775e76df0
re: http://lists.openstack.org/pipermail/openstack-dev/2016-February/086295.html
OpenStack-CI has now implemented their own APT mirrors which are updated and
synchronised properly to prevent issues when the update takes place between
the time an instance does an 'apt-get update' and an 'apt-get install'.
Now that this infrastructure is in place, we can remove our logic to determine
the optimal apt source for gating and simply fall back to the default AIO
behaviour which is to use whatever is configured on the host.
In order to do this successfully the AIO needs to ensure that it has the
appropriate configurations in place to ignore unauthenticated packages.
This patch implements a full propogation of all files in
/etc/apt/apt.conf.d/ from the host to all containers in order to ensure
that any configurations implemented by OpenStack-Infra are used from
now on in our Gate jobs.
Change-Id: Id6c2be3cf57b7c49744156a943f9653c1575e3dd
Currently we choose the largest available disk as the data disk, however
this may be too small to be useful. This patch checks disqualifies disks
that are smaller than the minimum.
It also sets the minimum to the proper value of 60GB free on the root
disk or 60GB available on the designated secondary disk. The previous
check was 60GB on root and 80GB on the secondary disk which is not
the intented check as noted in the documentation.
Change-Id: Id225dc55068e1eed2e19e1e27b0f626163f03db2
re: http://lists.openstack.org/pipermail/openstack-dev/2016-February/086000.html
Ubuntu has 4 different 'components' - main, universe, multiverse and
restricted:
- Main: Officially supported software.
- Restricted: Supported software that is not available under a completely
free license.
- Universe: Community maintained software, i.e. not officially supported
software.
- Multiverse: Software that is not free.
Practically speaking there should be nothing particularly useful to
OpenStack-Ansible in Restricted or Multiverse - it's mostly software for
desktop users.
This patch introduces a new variable 'bootstrap_host_apt_components'
which is a list of the components to configure in the apt sources list. The
default list does not include the unnecessary components.
Change-Id: I4171453cd2fb25d8867bb2dc8fc0337eb82d032e
Use bootstrap_host_loopback_swift_size instead of
bootstrap_host_loopback_cinder_size in "Create sparse Swift files".
Change-Id: I1f795e65f9e68f053251ef2d2ce802233ff4cf33
This commit adds a new variable `tempest_service_available_aodh` to the
tempest role and adds a new function to openstack_tempest_gate.sh.j2 to
run telemetry tests. We then update run-tempest.sh to also run the
telemetry tests.
At present we run all telemetry tests, but this is only ~ 9 tests which
complete very quickly. In future we may want to be more limited to
what we run but it would be best to have someone with ceilometer
knowledge determine which those should be.
Change-Id: I8842e60c3c50f774119c8219f224069ff32394f8
So keystone will emit notifications to the
messaging queue in a way supported by ceilometer
Change-Id: Ibf6bbd50d58e67b0bf5abbfb1b111a9ed92a18ac
Closes-Bug: #1523932
This patch adds a configurable option for deployers to apply security
hardening by adjusting apply_security_hardening to true within
the user_variables.yml file. In addition, security hardening is enabled
on AIO builds by default.
Documentation about the security role and how to enable it are also included
in this patch.
Implements: blueprint security-hardening
Change-Id: Ic05ab7eacd6a1966814764b8290817fb78732758
Previously the check-requirements role would assume GB as the unit
of space when gathering disk sizes from ansible_devices. With
drives larger than 1 TB ansible_devices reports the size as a
float. This converts all disk sizes to bytes for consistency within
the comparisons regardless of the size of the disk.
Change-Id: I07b81a8a35197f73cd338fa02cb7b112df15a012
Closes-Bug: 1536726
The different cloud providers for OpenStack-CI sometimes make use of
hardware which libvirt does not appropriately map. This results in
gate check failures as the nova scheduler is unable to find a
suitable host on which to build the test VM's.
This patch implements an extra set of tasks into the bootstrap
process which adjusts the libvirt cpu map to resolve this issue.
Implements: blueprint gate-split
Change-Id: I666f53e01066bf8bff4d28fa012eadae7c958116
This patch converts the AIO bootstrap process to use Ansible
instead of bash scripting. The patch also minimises the options
available to focus the role concerned to just handle an AIO
bootstrap, but gives it just enough flexibility to allow the
use of an external MongoDB database for Ceilometer/Aodh and
for a deployer to specify a secondary disk for the AIO to
consume.
A major change is that the AIO bootstrap process no longer
assumes that it can destroy a secondary boot device. It
requires a device name to be provided. This prevents horrible
surprises.
TODO (in subsequent patches):
- update the developer AIO docs
- convert run-playbooks.sh into an Ansible playbook
Implements: blueprint convert-aio-bootstrap-to-ansible
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Change-Id: I6028952e7260388873f57db47cc3e08126ecc530