| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
We are seeing issues with selinux enabled from time to time. Having
selinux enabled has proven to be rather unstable and Centos7 not being
a gate on upstream bifrost does not help in fully testing this scenario.
As such, the best we can do right now is to disable selinux until Centos7
becomes a gate upstream.
Change-Id: I93a3414cfebc3c3ef4ac063c8e623f36f615455f
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Change-Id: I71280521df7727747daf47b662356292164a076e
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
|
|
Using tmpfs seems somewhat unstable. For example the following
error is observed on openSUSE hosts
ERROR: failed to umount the /tmp/dib_image.RJBbahUd tmpfs
As such, we set the dib_notmpfs variable to 'true' which mimics what
upstream OpenStack scripts are doing already in
project-config:tools/build-image.sh
Change-Id: If050ab70303b3556fc1880a956f0ba1505d62050
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
These packages are needed by pw-token-gen.py tool
Change-Id: Ib9d165274449551a469e201da9feeffac5a7a4cf
Signed-off-by: Juan Vidal Allende <juan.vidal.allende@ericsson.com>
|
|
Commit 68412ffc734e ("prototypes: xci: xci-deploy.sh: Append trailing
slash for rsync vars") modified xci-deploy.sh script to append a
trailing slash to the devel variables but it broke the script when
one of these variables was not set (since we run with 'set -eu') with
the following error:
./xci-deploy.sh: line 45: !local_user_var: unbound variable
Fixes: I0103b754585931fa1dcd3966c52d7e4a8f2f63f6
Change-Id: Ic2465ff07348b61e74e191516425cd10d80c1fce
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
The 'synchronize' Ansible module uses rsync and for that we need
to indicate that we want to copy the contents of the development path
and not the development path itself. As such we need to ensure that a
trailing slash is always appended to the user variables but we need to
also ensure that we will not end up with double slashes.
Change-Id: I0103b754585931fa1dcd3966c52d7e4a8f2f63f6
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Change-Id: I56c727c242b6826f87a64246b6b4736a637c1abe
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
Update the dates in the pinned-versions file whenever we update
the SHAs.
Change-Id: I23ebd90a3fc688a7501fcb2d32217357f8c31657
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Add a second optional argument to update the bifrost SHA instead of
doing this bit manually.
Change-Id: I0fab8745ae08ad4f54a2a1f5b0b7a64fde4b8295
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
This also updates the second (pre_release) argument of
'update_ansible_role_requirements' from 'false' to 'true' so that
non-openstack roles can be updated as well.
Change-Id: Id424499f44c9b51c02d56e5d93580faeea50ad12
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Explain the usage of OPNFV_RELENG_DEV_PATH
Change-Id: I19e3946c9ea78a6bb0521818b58af297a396d80d
|
|
Update bifrost SHA to 7c9bb5e07c6bc3b42c9a9e8457e5eef511075b38
which is the current HEAD on 16th of June 2017.
Change-Id: I91cd98221fda7a1dd689abbfbf07474bd8aac4e1
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Add new prototypes/xci/scripts/update-osa-version-files.sh which can be
used to update the XCI ansible-role-requirements.yml file as well as the
OSA pinned SHA string. This file is using the upstream
'sources-branch-updater-lib.sh' library from the openstack-ansible
repository.
Change-Id: I51b88c50cb2bffe0cf1b7aa054a5b237103fd92f
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Upstream commit 2798cf403c47d165cd8d34d7888990dce1f827f8 ("Use new
ansible-hardening role") added the new 'ansible-hardening' role to the
ansible-role-requirements.yml file and as such we also need to take that
into consideration. The sha hash does not matter much at this point
since it will be fixed the next time we tag all the roles.
Change-Id: I5444af948e2b83de49863e7e28f3918fed88c90d
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
This will allow to define the XCI_EXTRA_VARS_PATH, that can
contain group_vars/all (or any other valid files), and those
will be copied inside releng and bifrost playbooks.
Change-Id: I95e4b0bfb67f26bfa1eb10c97096784eb7f3a87a
Signed-Off-By: Yolanda Robla <yroblamo@redhat.com>
|
|
In order for XCI to work, the user needs to have a ssh key. Explain
that on the README and show the command to generate it.
Change-Id: I517e15de15ba1b09977dbd62881bc2625c8b2833
|
|
The CLEAN_DIB_IMAGES variable determines whether the /httpboot
or /tftpboot directories will be removed before running the xci-deploy
script. This forces XCI to re-create the target OS images. We moved
this variable from env-vars to user-vars since this is something that
users normally want to tweak in their deployments.
Change-Id: Ia48bd63979e3837aab7e47c906c2501e7c7dd0e1
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Switch default target OS to Ubuntu Xenial (16.04) which is also
the version which is supported by OpenStack Ansible.
Change-Id: I73adc6472b0fb572177e1508cf831b4d3190245c
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Currently ansible was set to be installed with pip, but
this fails for non-root user. Instead of that, execute
pip with --user flag, so we don't need root permissions and it
is only installed for the current user.
Change-Id: Ib37a2a3866b4b48aca834b894cdd128ee63b31d6
|
|
The script was refactored to don't need sudo on the
latest versions, and the documentation is still referencing it.
Change-Id: I7064317ab7b756a78638f7474f2944472d3a4ba2
|
|
We no longer run everything as root so we need to look for SSH keys
in the appropriate home directory.
Change-Id: Iae1f7eb80059e7d369c8e0c8b6c33c6a4f673f94
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Putting the host keys in '/' requires root privileges so
it's best if we place them in the same directory like the
rest of the XCI files.
Change-Id: I030ed3d6cbb57bb984a78aeffb4eca2bd5c10bb0
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
When developing XCI features it's useful to be able to use the local
repositories rather than cloning them from git since that makes
it harder to test local modifications against XCI. As such, we add
three new variables which can be used to hold local paths to the
bifrost, releng and openstack-ansible repositories. We are still
cloning the repositories but we then use the 'synchronize' Ansible
module to copy modified files from the local repositories.
Change-Id: I6d593ea48d8b9c51415d9d0848f77a498ef2f486
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
The only reason we had this file was because we had to define our own
'ssh_public_key_path' variable to look in the /root directory since we
were running everything as root. Since we are now moving away from this
approach, this file is not needed anymore.
Change-Id: Ic938c4c8c877c95ce261721dc32fc5147081e236
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Since we are operating on localhost, there is no need to do that via ssh
so we use 'connection: local' instead. Moreover, we do not need to
execute everything as root so we drop the remote user directive.
Change-Id: Ib2127edad29e2da1cd1beebf42cb8f0d278ce3ad
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
There is no need to provision VM nodes as root. The only thing that we
need to run as root is the destroy-env.sh script and for that we move
it to its own play so we can use Ansible's become directive. Moreover,
since this playbook operates on localhost we can use 'connection: local'
so we don't have to execute everything via ssh and possibly speed up
the whole process.
Change-Id: Ia9efd5f30e95385b5cf193dde352f93551846c0e
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Having everything in the /opt implies root privileges. However, xci
should work as normal user and as such we use the /tmp directory as
the root directory.
Change-Id: I985ded289208e1de53ad0ba878afd5bfd745c3fd
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
In preparation for running xci-deploy as normal user, we do not need to
gain elevated privileges in order to connect to remote hosts. SSH keys
will be placed in user's ssh directory so we can ssh as normal user.
Change-Id: Ieb705515ec191955a646839e8f195d089df184bd
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
There is no good reason to run the script as root. If elevated
privileges are required then we will do it on a per case basis.
Change-Id: I7195fb3a0026ea20ce04e0b652dd3c1c56ca5741
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
This is similar to commit 6769ae9bcbf6 ("prototypes: bifrost: Add
keystone roles"). In preparation for running the bifrost jobs as normal
user we need to write a clouds.yaml file to users home directory.
This is similar to the bifrost upstream testing playbook.
Change-Id: Iae4bc73906649707667925280a19282ec5c93998
|
|
'pip install ansible' is not enough on newly installed hosts which may
lack the necessary build tools to install Ansible's dependencies. As
such, we add a script similar to the bifrost/scripts/install-deps.sh
one to pull in all the necessary distro-specific packages so Ansible
and it's dependencies can be installed from scratch.
Change-Id: I4b1e74644db9ace451ad763e4c54f1a3a43214fd
|
|
The os_client_config Ansible module used by all the ironic-* roles
depends on the keystone roles so we need to make use of them even
though they do not affect the end result. This fixes the following
OPNFV CI problem due to not having a clouds.yaml file present to
be consumed by the os_client_config Ansible module.
fatal: [controller00]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result"}
An exception occurred during task execution. The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_ApkCUQ/ansible_module_os_client_config.py", line 75, in <module>
main()
File "/tmp/ansible_ApkCUQ/ansible_module_os_client_config.py", line 63, in main
for cloud in config.get_all_clouds():
File "/usr/lib/python2.7/site-packages/os_client_config/config.py", line 798, in get_all_clouds
cloud, region_name=region['name']))
File "/usr/lib/python2.7/site-packages/os_client_config/config.py", line 1071, in get_one_cloud
auth_plugin = loader.load_from_options(**config['auth'])
File "/usr/lib/python2.7/site-packages/keystoneauth1/loading/base.py", line 162, in load_from_options
raise exceptions.MissingRequiredOptions(missing_required)
keystoneauth1.exceptions.auth_plugins.MissingRequiredOptions: Auth plugin requires parameters which were not given: auth_url
fatal: [opnfv]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result"}
Moreover, we cleanup the ~/openstack directory which may contain some
bifrost artifacts such as a clouds.yaml file.
Finally, we use 'sudo -H' because for the keystone roles we need the HOME
variable to be set properly.
Change-Id: I45b08bd33dd8ea9505fe10eb4b2b10956b3b683c
|
|
Role requirements file is used during ansible bootstrap on opnfv
host so we must ensure the right ansible role requirements is there
in advance.
Change-Id: I2c5a1edd82a51cbbe1469c31f37b5d638d32ec27
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
Pinned versions used to be used only if XCI_LOOP == 'daily', but it
seems to be required, otherwise this is very likely to fail
Change-Id: I21f638bba75846a58b12373a903d414fa89b4bc6
Signed-off-by: Juan Vidal <juan.vidal.allende@ericsson.com>
|
|
Change-Id: Iebb9945bfd9cad9ebfda127f130542f4a6334aec
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
They are exactly same now after moving nfs to compute00.
Change-Id: I9d9d2f037aa3684ba130ae0a4f9aef2e733f2d2e
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
This change
- switches cinder backend from lvm to nfs as examplified in [1].
- moves nfs shares from compute01 to compute00 in order to merge
configure-targethosts.yml playbook in upcoming change.
- updates openstack_user_config.yml to reflect the switch to nfs
and move of nfs server to compute00.
- removes exports file due to switching to lineinfile module.
[1] https://docs.openstack.org/project-deploy-guide/openstack-ansible/draft/app-config-prod.html
Change-Id: I0715c98a89ab124256e3857c1047e374f261e39b
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
For some reason, when the nodes are provisioned, they are out
of sync time-wise. This prevents neutron agents on compute nodes
from starting and then everything fails.
This change restarts chrony after the network configuration is updated
and the nodes have internet access and force synchs time on nodes.
Change-Id: Ib27b1fa0313223b52fa2e6229d5a179581d62686
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
This change
- sets static IP for controller nodes' vxlan bridges as stated
in osa documentation: compute and network hosts must have an IP [1]
- configures IPs for controller nodes' vxlan bridges.
- removes the additional vlan ip from compute nodes as it seems to
be there for all in one.
- removes glean.rules as they mess with the network configuration once
the network changes are applied.
- removes the contents of interfaces.d as osa populates config for
lxc bridges and includes this config in interfaces file thus all the
files in interfaces.d must be removed in order not to mess with the
network configuration.
- updates modules appropriately.
[1] https://docs.openstack.org/project-deploy-guide/openstack-ansible/draft/app-config-prod.html
Change-Id: I84d5f07216c8d0246da06080fb0ed19f917d6637
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
Change-Id: Ibc1b9662bb9865c0e309128327d620324ddca85c
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
Aodh is broken on the master branch due to use of conflicting
sqlAlhcemy package, causing issues during osa repo_build.
This patch disables aodh and the related services ceilometer
and gnocchi since the reason for us to have these 2 is to get
aodh.
See the failure from
https://build.opnfv.org/ci/job/xci-deploy-virtual-xenial-daily-master/26/consoleFull
Change-Id: Ic6b74328cf1692b5e26c5f30b3eb3799240c7117
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
Change-Id: If29aaf0be6ddd860450eeb10432fe75e12b1d03b
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
The bifrost, osa, and ansible role requirements sha1s are bumped
based on the HEAD of the master of the projects on April 4.
designate is also disabled based on the comment the osa commit
mentions.
https://review.openstack.org/gitweb?p=openstack/openstack-ansible.git;a=commit;h=d9e1330c7ff9d72a604b6b4f3af765f66a01b30e
Change-Id: Ib47515490c799d3b1d2b4b319277c8900cd37328
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
XCI has different jobs/loops to run
- patchset verification jobs (currently bifrost and osa in future)
- periodic jobs (bifrost and osa)
- daily jobs (for OPNFV platform deployment and testing)
The same scripts/playbooks used by XCI will also be used by developers.
We need to do different things depending on the context the scripts
and playbooks are executed.
- periodic jobs will use latest of everything to find working versions
of the components. (periodic osa will use unpinned role requirements
for example)
- daily jobs will use pinned versions in order to bring up the platform
and run OPNFV testing against it. (daily deployment will use pinned
versions and role requirements for example)
- developers might choose to use pinned versions or latest
Depending on what loop we are running, we need to do things differently
in scripts and playbooks. This variable will help us to do this in easy way.
We can of course do pattern matching of the job name but it will not
work if the scripts are used outside of Jenkins.
The default loop for non-Jenkins execution is set to daily as we want
developers to use working versions unless they change it to something
else intentionally.
Change-Id: Iff69c77ae3d9db2c14de1783ce098da9e9f0c83d
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
This patch reflects the fix Tianwei found for the keystone and gnocchi
issues with HA deployment.
https://gerrit.opnfv.org/gerrit/#/c/32367/
The keystone issue should be fixed upstream but until that happens, we
can use the patch here to move us forward.
Previously removed OpenStack services have also been enabled to
try as close deployment as possible to upstream openstack-ansible.
Change-Id: Ib7b1cfe0f363381466b43a3249667c638c09d9fd
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
This change
- fixes GIT_BASE in jobs
- adjusts build blockers
- fixes where the flavor vars should be sourced from
- sources flavor vars for bifrost periodic jobs
- renames the xcimaster node to opnfv to be consistent
- removes obsolete xci-provision.sh script
- enable additional openstack services including tempest to
ensure the deployment is sane
Change-Id: Ifdce1da52d68a26c2b87e1bd3b1996ec119d8d90
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
Change-Id: Ib5200372a44ee6a22b45c2105b3729d362eacb1d
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
Daily jobs are now switched to using xci-deploy.sh script together
with the environment variables, playbooks, and so on.
These jobs do not set any version for any of the component as
the point with these jobs is to test the platform itself, not the
tools.
DIB related stuff is still left as parameters to deploy job for SUSE
and CentOS jobs so we can override what is set by xci depending
on the distro.
Change-Id: I5a5292e6bae8fdd052858108db409e8d495fbf24
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
This change
- updates the main script to run the playbooks
- creates the initial version of the readme file
Change-Id: I4110433bce541a5d9645f34457f9e1b1ee93df19
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
This change moves preparation (cloning repos, combining opnfv/bifrost
with openstack/bifrost), destroying and creating VM nodes from the
script into a separate playbook.
This requires the host to have ansible installed. The version of ansible
to install using pip currently matches to what bifrost uses but it is
hardcoded and needs to be fixed properly.
The reason for having this as a playbook to simplify the script and
increase the reuse. This playbook will be used for
- developer sandbox
- periodic bifrost jobs to run against latest on given branch and
promoting bifrost sha1 to pin later on
- daily jobs to run using pinned versions of bifrost
Change-Id: I033f12290dfea19d4c74be80eea7203211c0369e
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
Markos Chandras
Trevor Bramwell
Juan Vidal Allende
Fatih Degirmenci
Yolanda Robla