There is mirror_fqdn that, if defined, overrides mirrors used for
packages and also mirrors for pypi. This is generally incorrect,
if one wants to use different mirrors for packages vs pypi eggs.
Add pypi_fqdn that defaults to mirror_fqdn, which allows users
to go with a custom pypi_mirror. Make pypi trusting the given
pypi_fqdn value instead of generally unrelated mirror_fqdn.
Change-Id: I12975b57951699351cfc0d40beaeb7c703651dd0
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
This is a bit of a hack, but allows installation of openvswitch for
testing the multinode roles. Official CentOS 8 RDO builds are still a
work in progress, but this will let us get a head-start on any
multi-node testing.
Change-Id: I2eb1a16e9995a19d61e309aa59b232577184b527
We install pydistutils.cfg to catch legacy cases where people
are doing things with easy_install. That code path is not
desirable and increasingly broken, as support for things like
allow-hosts is dropped upstream.
Stop installing the file. This will mean people using easy_install
won't get the benefit of the mirrors, but they shouldn't be
using easy_install anyway.
Remove pydistutils.cfg if it's there
Make sure we don't have any pydistutils.cfg around.
Change-Id: I24a05f456f87bd4cb57ebf89d4245477bf675f97
This is required in order to perform port forwarding when running
rootless.
Again, unclear why this isn't required in the package.
Change-Id: I61964a23ce7c80b1af149cb7f98897367e970d45
This package is required in order for UID mapping in rootless
operation to work. It is unclear why it isn't specified as a
dependency.
Change-Id: I7dd22b683c2fed9921de39a474de3bd9f2c3b0d4
Adds jobs to test and build go packages.
Adds a role to download and install go from
the official download page (https://golang.org/dl/).
Adds a role to run commands with go e.g build, test, run.
Change-Id: Iad2d877fffa2530e9fdeec648a60755a80cf01f4
Nova has switched to Python 3 only but devstack has not caught up (see
[1]). Switch on Python 3 here; it will soon be the default and we can
shake out any errors before that.
[1] https://review.opendev.org/694891
Change-Id: Idf26a7af08219421c1a6cc381317e59fb6950b86
Show full version details of install. This can be useful when you're
trying to decide what features you may or may not have.
Change-Id: Iedc6aa1b73b0e7d7612c27d890273e84d4d04a22
The "Start the buildset registry" task, which uses the
docker_container Ansible module, was failing with:
"No module named 'requests'"
This is because the earlier package install task was installing
the packages into the wrong python version because the
ansible_python_interpreter value was 'auto' and thus never
included the 'python3' value.
Change-Id: I887fdf8d000c8b916fdab281c531b7c98bdd5ae2
This implements the production change
I98c80f657f38c5e1ed5f28e5d36988a3429ad1f8 in the test role. Review
comments should be left there; we can merge this and then parent a job
to base-test to test it.
Change-Id: Id91350ff1c531fd7266f3bf76681a8415941481f
By doing this, we're not constrained about where to run the uploader
while still providing some useful testing in dry-run mode.
Change-Id: Ie4888606a8ca4ffe2eb99ddbbcd9d5cee8ceec44
We don't need to be explicit, ssh-keygen will pick a good size for us.
Meanwhile, 1024 bit keys are generally seen as security problems and
thus ring bells and are refused by some servers/services.
Change-Id: Iaea82e0b394a5a6b1da3b59637fc4e0f541e1978
If we want to run a second registry on a different port, we'll need
a different name for the docker container.
Change-Id: I887d9015c0d21e6d7f95379e6fa7fb4211e58d3d
This will allow us to run the role twice on the same host. This
will be useful when we test changes to this role.
Change-Id: I97baeb3172298648bcfef26c5be635ad4be036f0
The proxy functionality is no longer needed so it is removed.
Change-Id: I29ff75d331b433ea4ad3b66ed723eee14a90b404
Depends-On: https://review.opendev.org/689829
Change new variable zuul_additional_subunit_dirs to
fetch_subunit_output_additional_dirs to name it after the role.
Change-Id: I7ac0b5d343701409a8741439334fe27f5374a258
Per settings mentioned at: https://minikube.sigs.k8s.io/docs/tasks/debug/
The current logging level is very minimal for tracking down any
potential k8s issues.
Change-Id: I4ebd694481de936f9df790a46e195b251a803c5f
In addition to the main subunit file from zuul_work_dir,
collect the subunit files from the elements (directories)
of the zuul_additional_subunit_dirs list.
The default behavior is unchanged.
While the documentation of this role states that zuul_work_dir
contains an absolute path, this is not always true.
So make sure to not make any assumption about zuul_work_dir
in order to not fail spectacularly as it happened with the
previous patch[0].
Add also some tests for the role: both the basic case
and with an additional test directory.
[0] https://review.opendev.org/673885
Change-Id: Iabf2e0cf6d86e36a174778367186bbd39a65c3dd
This keeps each platform's "/etc" template files in a separate
top-level directory.
Additionally, we add a distro major version match to the task import
and rename centos7 (in preparation for centos8).
Change-Id: If65d51a27e30311b1da20522afb6dbce7ee6cf35
We've discovered that rackspace swift seems to always want to gzip
encode files when clients request their contents. When our files are
deflate encoded this results in files that are first deflate encoded
then gzip encoded. Not all browers or layer 7 firewalls can handle this
(despite being perfectly valid according to the HTTP RFCs). We'll use
gzip to see if that causes rackspace to not double encode the files.
To do this with memory efficienty we vendor a tool from pypi called
gzip-stream which allows us to read chunks of the compressed data at a
time without loading the entire file into memory or writing multiple
gzip headers in a single file.
Change-Id: I9483cfdbd8e7d0683eeb24d28dd6d8b0c0e772fa
This creates a testing role for upload-logs-swift so that we can test
chagnes to this role before moving them into the production role.
Change-Id: If55b0e2809d9309bc98e6763da32219d996dbfa4
We continue to see the odd task rc of -13 when running iptables-save to
store persistent set of firewall rules. Switch to shell to give us a bit
more debugging freedom if necessary (and to rule out the command
module).
Change-Id: I0c0208101cad985d4113de6b636c3816613b778c
This reverts commit 46b7b6e1c98a8b12647be4b30b5b54405379d6ec.
This didn't end up changing the incidence of the iptables-save command
task failures.
Change-Id: I02e725d7330bc9b438a9864ea49510cca7fee524
The href url paths need to have quoted filenames to handle cases where
filenames have special characters like : in them.
Change-Id: I0bc0de8d27c6e45c4a6b8841985b8265f0219df2
Previously to persist the filewall we were including the
persistent-firewall role. This seems to occasionally break because the
second invocation of the role (on multinode jobs after setting up the
multinode bridge) fails with an RC of -13 when listing ipv4 iptables
roles. Then when we try to write them to disk the variable is empty.
One thought is that dynamically loading the role multiple times may be
confusing ansible. Use import_role to statically load the role instead
and see if this helps.
Change-Id: I2458f8eb4c2e4638336fa14e436e13b5a2263cce
In openSUSE Tumbleweed, the SuSEfirewall2 package was removed in favor
of firewalld[1]. This commit updates the iptables persistance tasks to
avoid using SuSEfirewall2 and instead use rc.local to restore saved
rules upon restart, and undefines the iptables_service variable for SUSE
since there is no service to restart any more. See the related change
for image builds[2].
[1] https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
[2] https://review.opendev.org/683236
Change-Id: I0f8d74dd00df192c20b96a9368b964839c306171
The argument here is an integer "limit", not the exception.
I think that we only notice this on Python 3 because of exception
chaining. It causes a real failure though because the exception
handler that is meant to fall into "pass" raises another exception
when ipv6 doesn't work.
Change-Id: I0908a0a3dbb2356caabbffd062379751a0b61c41
