In order to ANSIBLE_INJECT_FACT_VARS=False we have to use ansible_facts
instead of ansible_* vars. This change switches our distribution and
hostname related items to use ansible_facts instead.
Change-Id: Id01e754f0cf9f6e98c02f45a4011f3d6f59f80a1
Related-Bug: #1915761
When priviledge mode is set, don't add any capabilities as they
are included.
Use 1.6.4 podman because 2.0.5 rootless doesn't work with
systemd [1]
Disable Selinux on host.
[1] https://github.com/containers/podman/issues/8965
Closes-Bug: #1910970
Change-Id: I73ac1c405e8a3539937a5578bb003cba0b935d94
We currently forcefully install pacemaker + pcs in a number of upgrade
tasks. This is suboptimal because on certain nodes pcs/pacemaker repos
are not enabled. Let's let puppet pull in those packages normally.
Tested this during a queen -> train FFU successfully on a composable
roles environment.
Closes-Bug: #1911684
Change-Id: I70d8bebf0d6cbaeff3f108c5da10b6bfbdff8ccf
This change converts our use of CentOS7/88 to UBI8, which should
provide a better test environment which will match that of
production for future releases of TripleO. While this image change
will better match production clouds thanks in large part to TCIB,
it will also remove our use of docker.io (dockerhub) which fraught
with peril due to the ongoing API rate limits saga.
Story: 2006061
Task: 34774
Change-Id: I067046e5fd4d56cd88712f553e25a61db60ced7f
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This change will enable or disable no_log and debug options whenever the
verbosity is set to an integer greater than 2. This will ensure operators and
deployers are best equipped to troubleshoot issues by dynamically providing
additional data in an expected way. To ensure we're able to differentiate
between output masking and security masking, two options were used to enable or
disable no_log across our roles and playbooks.
> All debug options, without security implications, will now react to the
`ansible_verbosity` built in by default. Changes have been made to our
skeleton role to ensure this is enforced on all new roles created going
forward.
> An additional prefixed role option, `*_hide_sensitive_logs`, has been added to
allow operators to easily toggle sensitive output when required. The role
prefixed variables will respond to the global option `hide_sensitive_logs` as
defined in THT which will ensure a consistent user experience.
Depends-On: I84f3982811ade59bac5ebaf3a124f9bfa6fa22a4
Change-Id: Ia6658110326899107a0e277f0d2574c79a8a820b
Signed-off-by: Kevin Carter <kecarter@redhat.com>
The current regex will match more than one package if the
openvswitchX.YZ-test package is installed.
eg:
rpm -qa | awk -F- '/^(openvswitch[0-9]+\.[0-9]+-|openvswitch-2)/'
openvswitch2.11-test-2.11.0-35.el7fdp.noarch
openvswitch2.11-2.11.0-35.el7fdp.x86_64
The right package to find has the form: openvswitchA.BC-A.BC.D-
So we change the regex to only match if it has that form.
rhbz#1826367
Change-Id: I91be2f3fe989ec9bd5619bcc1e441a72af9c8566
This change updates all uses of docker to podman and removes our docker
installation process from zuul and our local test process. Some container
based tests have been moved to "delegated" becuase they no longer make
sense to run in a container and the hacks needed to maintain the container
based testing are not worth maintaining for podman.
Change-Id: I02de94a1229bfa847f14ecf282eadbcfe6396875
Signed-off-by: Kevin Carter <kecarter@redhat.com>
- octavia_controller_post_config: remove "ignore_errors: true". It's not
supposed to be needed, since there is already a
"failed_when: config_contents.rc != 0" which knows when to fail.
- octavia_undercloud, tripleo_cellv2, tripleo_ceph_common,
tripleo_container_manage, tripleo_packages and tripleo_puppet_cache:
replace "ignore_errors: true" by "failed_when: false" for debugging
experience. We know the tasks can fail and we don't care, let's just
not show them as failures in that case and force the task to never
fail.
- tripleo_podman: instead of ignoring errors, check if the config file
actually exists before wipping it out.
Change-Id: Ib3716e4823735a9db9bd3cac33b8daf0e5f3d186
Mount mirrors file into molecule containers if docker driver is
used, otherwise use hosts mirrors file.
Change-Id: I179004fde7587a81eb87f3cc477870b4b48bd83e
This change replaces all of the roles references in our various files with the
new role name. This is being done because Ansible no longer allows hyphens in
role names.
Change-Id: Ie899714aca49781ccd240bb259901d76f177d2ae
Signed-off-by: Kevin Carter <kecarter@redhat.com>
All roles that have a hyphen in them need to be renamed to use an
underscore. This change creates a symlink to all roles using their
original name which will ensure we maintain compatibility with
the rest of the TripleO stack. This is being done because roles with
hyphens are no longer valid within collections.
A temp PBR update has been made to accomodate all of the symlinks to
the legacy role names.
[0] https://docs.ansible.com/ansible/devel/dev_guide/developing_collections.html#roles-directory
Change-Id: Id00a3670351990e5489a297c4c7200f8c05af096
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Alex Schultz
Sagi Shnaidman
Michele Baldessari
Kevin Carter
Jesse Pretorius (odyssey4me)
Bogdan Dobrelya
Sorin Sbarnea
Emilien Macchi