This patch ensures that the authorized_keys ansible module, as well as
the built in "generate_ssh_keys" flag for user creation, so that we can
avoid using shell out commands.
Additionally, this moves the key synchronisation to use ansible
variables instead of the memcache server.
Change-Id: I4fe7620cae6bf68f4c0fe248cb1dfa3c24e44110
Closes-Bug: #1477494
This change adds a specific update task to all tasks that all the
apt ansible module. This change was done to ensure that the cache
is updated as expected when instructed to do so. The reason that
the cache update is being removed from the grouping is because
there is an upstream bug that is effecting the process by which
the apt cache is updated when there is a package list to process
within the same task. The work around to make this function as
expected is to move the update into its own task without a package
list.
Upstream Ansible bug:
- https://github.com/ansible/ansible-modules-core/issues/1497
Change-Id: Ic06d89a76d772c12888b4bc4bbf147be58b0c150
Related-Bug: 1464771
This change updates all of the external URLs to use HTTPS where
possible. the change will create a more secure deployment by default.
Change-Id: I4d53c021904208bffb0d597c7ae53bbd00f40209
Closes-Bug: 1411331
This updates the deps that need to be on the repo server to ensure
that all of the python sources are built correctly. The additional
packages are in response to an upstream package dep
`python-qpid-proton` which is now requiring these items.
Change-Id: I6d6f70734fd46c4055f49fdf25035d2b4b212414
This patch adds handler flushing as the last task in each role to ensure
that there are log files present when the rsyslog client configuration
task is executed a little later in the playbook that consumes the role.
Closes-Bug: #1458822
Change-Id: I92a26b620aa7bc0fbe33175594d37da7d5aca7df
This change will make it so that the specific versions of OpenStack
package sources can be overridden using hostvars and or a
user_variable. This should assist in the developer case where various
versions of things may be desirable.
Change-Id: I30d84ee6840f224a7687179c522e6e9c38ec58a4
This new role is now providing the ability for a user to pin apt
packages as they see fit. The idea is to allow someone to implement
pinning in a generic way that can be represented as a global variable
or as a hostvar. The new role has been added to all install roles as
a dependency which will allow it to ensure that packages are pinned
everywhere as would be expected.
Change-Id: I354e8515570fa7174366ba57d57aece3c304568e
While this should be backported this purpose of this commit
is to unblock gating and provide for the always changing
requirements within tempest while also allowing us to ensure
that we are defcore complaint.
Tempest is not an integrated service within OpenStack and does
not adhere to any given package or requirement set that would
in a real work function with the rest of OpenStack. Because
tempest is intended to be a standalone system that is not
installed along side of the rest of OpenStack it general will
break and or introduce new requirements that break the services
that depend on various versions of packages as found within
global requirements. To fix this issue tempest is now being
installed within a VENV. The virtual environment will ensure
that tempest is installed in a location where it can resolve
its own dependencies without general impact to the rest of the
system.
Additionally, we removed the heat_contrib_extraroute heat
plugin from the build process because its presently
incompatible with PBR >= 0.11.0 which is related to issue
https://bugs.launchpad.net/openstack-ansible/+bug/1450733 .
However we have already built wheels in our repo which will
still allow this contributing plugin to be installed as an
integrated part of the system. Currently, we git clone heat
source onto heat_engine containers and install selected plugins
via a 'python setup.py install'. This change removes the tasks
that do that and simply adds heat-contrib-extraroute
to heat_pip_packages so it gets installed on all heat-related
containers. This is actually only required on the heat_engine
containers but the package is tiny and should not cause any issues
being present on the heat_api containers.
Change-Id: Ib972704084ead5748b19362b142fb161fea4a734
This change was made to ensure that PBR is using version < 0.11.0.
This is because changes in upstream PBR have made it impossible to
build contributing packages in heat and will likely impact other
services until the switch to liberty is in full effect. To ensure
consistent building of OpenStack packages PBR is now being installed
in the repo server containers which will ensure there are no
assumptions being made when creating python packages from OpenStack
contributing sources that may not be as well maintained as others.
Change-Id: I20c216543e63ef142119c2625fb219e030a708dd
Partial-bug: 1450733
swift now depends on the package pyeclib which has a library dep
of liberasurecode1, liberasurecode-dev and this commit adds the
libs to the swift install as well as the repo server.
Change-Id: I36ff6354b78faedcfd716f31c53627c1bcb54d78
Partially-Implements: blueprint master-kilofication
The playbook `playbooks/repo-clone-mirror.yml` was not cloning the repo
from the upstream mirror correctly it was specifically not respecting
symlinks and in some situations, if the user was using xattrs, hard
links, or acls the clone operation would cause other issues.
The `openstack-branch-grabber.py` was removed as the entire process of
looping through all of the branches and tags and rebuilding all of the
wheels is no longer relevant. As such this process was removed in favor
of forcing the build process to specify a release.
The `openstack-wheel-builder.py` script was updated to enforce the
updating/cloning of the git sources.
Closes-Bug: 1441812
Change-Id: Ibdac88607ffea57ab380f539f3f52346f15792ca
This update fixes issues with linting such that it can now pass
OpenStack hacking/flake8 checks.
Change-Id: Ife902fcf356543e00d3cd54af7b640af3314f05f
Partial-Bug: 1440462
This update fixes issues with linting such that it can now pass
OpenStack hacking/flake8 checks.
Change-Id: Ib2d8253e428a233a1ff044f72de6702d7f45d86a
Partial-Bug: 1440462
This change implements the blueprint to convert all roles and plays into
a more generic setup, following upstream ansible best practices.
Items Changed:
* All tasks have tags.
* All roles use namespaced variables.
* All redundant tasks within a given play and role have been removed.
* All of the repetitive plays have been removed in-favor of a more
simplistic approach. This change duplicates code within the roles but
ensures that the roles only ever run within their own scope.
* All roles have been built using an ansible galaxy syntax.
* The `*requirement.txt` files have been reformatted follow upstream
Openstack practices.
* Dynamically generated inventory is now more organized, this should assist
anyone who may want or need to dive into the JSON blob that is created.
In the inventory a properties field is used for items that customize containers
within the inventory.
* The environment map has been modified to support additional host groups to
enable the seperation of infrastructure pieces. While the old infra_hosts group
will still work this change allows for groups to be divided up into seperate
chunks; eg: deployment of a swift only stack.
* The LXC logic now exists within the plays.
* etc/openstack_deploy/user_variables.yml has all password/token
variables extracted into the separate file
etc/openstack_deploy/user_secrets.yml in order to allow seperate
security settings on that file.
Items Excised:
* All of the roles have had the LXC logic removed from within them which
should allow roles to be consumed outside of the `os-ansible-deployment`
reference architecture.
Note:
* the directory rpc_deployment still exists and is presently pointed at plays
containing a deprecation warning instructing the user to move to the standard
playbooks directory.
* While all of the rackspace specific components and variables have been removed
and or were refactored the repository still relies on an upstream mirror of
Openstack built python files and container images. This upstream mirror is hosted
at rackspace at "http://rpc-repo.rackspace.com" though this is
not locked to and or tied to rackspace specific installations. This repository
contains all of the needed code to create and/or clone your own mirror.
DocImpact
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Closes-Bug: #1403676
Implements: blueprint galaxy-roles
Change-Id: I03df3328b7655f0cc9e43ba83b02623d038d214e