Commit Graph

17 Commits

Author SHA1 Message Date
David Stanek
65d620cbb7 Fixes function declarations for bashate
Change-Id: Ie631377de130cf656717fb3c8c74bdff2b8e2120
2015-08-21 11:03:12 +00:00
Andy McCrae
c924a7652f Adjust SSH key creation method for repo servers
This patch ensures that the authorized_keys ansible module, as well as
the built in "generate_ssh_keys" flag for user creation, so that we can
avoid using shell out commands.

Additionally, this moves the key synchronisation to use ansible
variables instead of the memcache server.

Change-Id: I4fe7620cae6bf68f4c0fe248cb1dfa3c24e44110
Closes-Bug: #1477494
2015-07-23 11:45:01 +01:00
kevin
59381b51ff Added apt update tasks to everything using apt
This change adds a specific update task to all tasks that all the
apt ansible module. This change was done to ensure that the cache
is updated as expected when instructed to do so. The reason that
the cache update is being removed from the grouping is because
there is an upstream bug that is effecting the process by which
the apt cache is updated when there is a package list to process
within the same task. The work around to make this function as
expected is to move the update into its own task without a package
list.

Upstream Ansible bug:
  - https://github.com/ansible/ansible-modules-core/issues/1497

Change-Id: Ic06d89a76d772c12888b4bc4bbf147be58b0c150
Related-Bug: 1464771
2015-06-16 13:13:58 -05:00
Justin Shepherd
47c84afe19 Cleaning up doc8 violations.
Change-Id: I6c3f2827ae077d962bc7e8c7a9c0a5e5faa6aac8
2015-06-10 02:09:18 +00:00
Jenkins
403252bbe1 Merge "Change external resources to https where possible" 2015-06-02 11:41:34 +00:00
kevin
e6383147bf Change external resources to https where possible
This change updates all of the external URLs to use HTTPS where
possible. the change will create a more secure deployment by default.

Change-Id: I4d53c021904208bffb0d597c7ae53bbd00f40209
Closes-Bug: 1411331
2015-06-01 09:44:20 -05:00
kevin
125b0d01b0 Updated repo server deps
This updates the deps that need to be on the repo server to ensure
that all of the python sources are built correctly. The additional
packages are in response to an upstream package dep
`python-qpid-proton` which is now requiring these items.

Change-Id: I6d6f70734fd46c4055f49fdf25035d2b4b212414
2015-05-29 05:19:35 -07:00
Jesse Pretorius
c7951c43e2 Add handler flushing to roles that need it
This patch adds handler flushing as the last task in each role to ensure
that there are log files present when the rsyslog client configuration
task is executed a little later in the playbook that consumes the role.

Closes-Bug: #1458822
Change-Id: I92a26b620aa7bc0fbe33175594d37da7d5aca7df
2015-05-26 18:13:55 +01:00
Kevin Carter
3e7666373a Moved the playbook vars to defaults
This change will make it so that the specific versions of OpenStack
package sources can be overridden using hostvars and or a
user_variable. This should assist in the developer case where various
versions of things may be desirable.

Change-Id: I30d84ee6840f224a7687179c522e6e9c38ec58a4
2015-05-14 12:32:36 -05:00
Kevin Carter
f139eb09d4 added role to pin packages
This new role is now providing the ability for a user to pin apt
packages as they see fit. The idea is to allow someone to implement
pinning in a generic way that can be represented as a global variable
or as a hostvar. The new role has been added to all install roles as
a dependency which will allow it to ensure that packages are pinned
everywhere as would be expected.

Change-Id: I354e8515570fa7174366ba57d57aece3c304568e
2015-05-08 13:22:42 -05:00
Kevin Carter
b59c08dd5f Update the tempest install environment
While this should be backported this purpose of this commit
is to unblock gating and provide for the always changing
requirements within tempest while also allowing us to ensure
that we are defcore complaint.

Tempest is not an integrated service within OpenStack and does
not adhere to any given package or requirement set that would
in a real work function with the rest of OpenStack. Because
tempest is intended to be a standalone system that is not
installed along side of the rest of OpenStack it general will
break and or introduce new requirements that break the services
that depend on various versions of packages as found within
global requirements. To fix this issue tempest is now being
installed within a VENV. The virtual environment will ensure
that tempest is installed in a location where it can resolve
its own dependencies without general impact to the rest of the
system.

Additionally, we removed the heat_contrib_extraroute heat
plugin from the build process because its presently
incompatible with PBR >= 0.11.0 which is related to issue
https://bugs.launchpad.net/openstack-ansible/+bug/1450733 .
However we have already built wheels in our repo which will
still allow this contributing plugin to be installed as an
integrated part of the system. Currently, we git clone heat
source onto heat_engine containers and install selected plugins
via a 'python setup.py install'.  This change removes the tasks
that do that and simply adds heat-contrib-extraroute
to heat_pip_packages so it gets installed on all heat-related
containers.  This is actually only required on the heat_engine
containers but the package is tiny and should not cause any issues
being present on the heat_api containers.

Change-Id: Ib972704084ead5748b19362b142fb161fea4a734
2015-05-06 07:46:39 -05:00
Kevin Carter
688516acf0 Lock down PBR to < version 0.11.0
This change was made to ensure that PBR is using version < 0.11.0.
This is because changes in upstream PBR have made it impossible to
build contributing packages in heat and will likely impact other
services until the switch to liberty is in full effect. To ensure
consistent building of OpenStack packages PBR is now being installed
in the repo server containers which will ensure there are no
assumptions being made when creating python packages from OpenStack
contributing sources that may not be as well maintained as others.

Change-Id: I20c216543e63ef142119c2625fb219e030a708dd
Partial-bug: 1450733
2015-05-01 10:53:11 -05:00
Kevin Carter
812b4f9f73 updated swift deps for use in stable/kilo
swift now depends on the package pyeclib which has a library dep
of liberasurecode1, liberasurecode-dev and this commit adds the
libs to the swift install as well as the repo server.

Change-Id: I36ff6354b78faedcfd716f31c53627c1bcb54d78
Partially-Implements: blueprint master-kilofication
2015-04-17 21:46:15 -05:00
Kevin Carter
6832d5dd41 Updated the repo scripts
The playbook `playbooks/repo-clone-mirror.yml` was not cloning the repo
from the upstream mirror correctly it was specifically not respecting
symlinks and in some situations, if the user was using xattrs, hard
links, or acls the clone operation would cause other issues.

The `openstack-branch-grabber.py` was removed as the entire process of
looping through all of the branches and tags and rebuilding all of the
wheels is no longer relevant. As such this process was removed in favor
of forcing the build process to specify a release.

The `openstack-wheel-builder.py` script was updated to enforce the
updating/cloning of the git sources.

Closes-Bug: 1441812

Change-Id: Ibdac88607ffea57ab380f539f3f52346f15792ca
2015-04-11 17:44:59 -05:00
Kevin Carter
d0d76c296c Flake8 update - openstack-wheel-builder.py
This update fixes issues with linting such that it can now pass
OpenStack hacking/flake8 checks.

Change-Id: Ife902fcf356543e00d3cd54af7b640af3314f05f
Partial-Bug: 1440462
2015-04-10 15:04:19 +00:00
Kevin Carter
98b30ac12a Flake8 update - openstack-branch-grabber.py
This update fixes issues with linting such that it can now pass
OpenStack hacking/flake8 checks.

Change-Id: Ib2d8253e428a233a1ff044f72de6702d7f45d86a
Partial-Bug: 1440462
2015-04-07 09:29:08 +00:00
Kevin Carter
8e6dbd01c9 Convert existing roles into galaxy roles
This change implements the blueprint to convert all roles and plays into
a more generic setup, following upstream ansible best practices.

Items Changed:
* All tasks have tags.
* All roles use namespaced variables.
* All redundant tasks within a given play and role have been removed.
* All of the repetitive plays have been removed in-favor of a more
  simplistic approach. This change duplicates code within the roles but
  ensures that the roles only ever run within their own scope.
* All roles have been built using an ansible galaxy syntax.
* The `*requirement.txt` files have been reformatted follow upstream
  Openstack practices.
* Dynamically generated inventory is now more organized, this should assist
  anyone who may want or need to dive into the JSON blob that is created.
  In the inventory a properties field is used for items that customize containers
  within the inventory.
* The environment map has been modified to support additional host groups to
  enable the seperation of infrastructure pieces. While the old infra_hosts group
  will still work this change allows for groups to be divided up into seperate
  chunks; eg: deployment of a swift only stack.
* The LXC logic now exists within the plays.
* etc/openstack_deploy/user_variables.yml has all password/token
  variables extracted into the separate file
  etc/openstack_deploy/user_secrets.yml in order to allow seperate
  security settings on that file.

Items Excised:
* All of the roles have had the LXC logic removed from within them which
  should allow roles to be consumed outside of the `os-ansible-deployment`
  reference architecture.

Note:
* the directory rpc_deployment still exists and is presently pointed at plays
  containing a deprecation warning instructing the user to move to the standard
  playbooks directory.
* While all of the rackspace specific components and variables have been removed
  and or were refactored the repository still relies on an upstream mirror of
  Openstack built python files and container images. This upstream mirror is hosted
  at rackspace at "http://rpc-repo.rackspace.com" though this is
  not locked to and or tied to rackspace specific installations. This repository
  contains all of the needed code to create and/or clone your own mirror.

DocImpact
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Closes-Bug: #1403676
Implements: blueprint galaxy-roles
Change-Id: I03df3328b7655f0cc9e43ba83b02623d038d214e
2015-02-18 10:56:25 +00:00