Age | Commit message (Collapse) | Author | Files | Lines |
|
In the OpenStack-Ansible installers we are using the XCI ssl
certificates for the endpoints but in kubespray we are generating them
on the fly. In order to keep both setups as close as possible, we can
use the XCI certificates in kubespray as well.
Change-Id: I1ca55127fe747618205394c02b3d44bb573435f4
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
The tasks for creating and managing the XCI SSL certificates
can be shared between installers so move them to a common file.
Change-Id: I9df82517e737681420429a992aa8d68e78528fd4
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Drop the kubespray specific tasks for managing the SSH keys in favor of
the common ones.
Change-Id: Ib8e18fcc14c4c0126cae72740dbb33921a21af6b
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
|
|
|
|
* changes:
xci: osa: Use Ansible modules to create ssl certificates
xci: osa: Move tasks for managing SSH keys to a new file
|
|
|
|
(this commit fixes many things because they all need to be submitted
together to unblock the jobs)
Commit 9e1d3d6e62abf5d0da26a296bcd235f37a54d9c6 ("xci: playbooks: Fixes
various ansible-lint warnings") broke public key authentication from
localhost to the OPNFV host because the localhost pubkey was not
appended in the authorized_keys file. The reason for that was that the
task was skipped due to the 'creates' parameter. This is now fixed, by
dropping the check since we always need to append the localhost pubkey.
This is only a temporary solution until we modify kubespray to use the
common file for managing the SSH keys.
This also makes the final 'kubectl' move to /usr/local/bin non-fatal
since future kubespray releases put it there already.
The same commit also broke the k8s-cluster.yml overrides. This is
because the file was never copied across due to the task conditional
being wrong. As such, we fix the conditional to check for the correct
file.
Change-Id: I9cfb29eba50c7fea9df29581ebb015163b8a9754
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
The bootstrap script from the OpenStack-Ansible repository creates
several things in /opt/ansible-runtime and /usr/local/bin so we can
check if the final 'openstack-ansible' symlink exists in order to
report a proper status for that task and even skip if everything
is prepared already.
Change-Id: I4ca3a733746f8d757aa1156b533e4b4de90188e6
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
When bifrost jobs are being executed, the virtual environment hasn't
been prepared yet because that's something that bifrost does later on.
As such, we need to use sudo to install the required dependencies to
avoid the following issue:
Exception:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/pip/basecommand.py", line 215, in main
status = self.run(options, args)
File "/usr/lib/python2.7/site-packages/pip/commands/install.py", line 342, in run
prefix=options.prefix_path,
File "/usr/lib/python2.7/site-packages/pip/req/req_set.py", line 784, in install
**kwargs
File "/usr/lib/python2.7/site-packages/pip/req/req_install.py", line 851, in install
self.move_wheel_files(self.source_dir, root=root, prefix=prefix)
File "/usr/lib/python2.7/site-packages/pip/req/req_install.py", line 1064, in move_wheel_files
isolated=self.isolated,
File "/usr/lib/python2.7/site-packages/pip/wheel.py", line 345, in move_wheel_files
clobber(source, lib_dir, True)
File "/usr/lib/python2.7/site-packages/pip/wheel.py", line 316, in clobber
ensure_dir(destdir)
File "/usr/lib/python2.7/site-packages/pip/utils/__init__.py", line 83, in ensure_dir
os.makedirs(path)
File "/usr/lib64/python2.7/os.py", line 157, in makedirs
mkdir(name, mode)
OSError: [Errno 13] Permission denied: '/usr/lib/python2.7/site-packages/pbr'
Change-Id: I081884ec18d27af19a053bf5b734f6f3846c60f1
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Ansible already provides modules to create ssl certificates so we can
use these instead of running the openssl commands directly. Moreover, we
can drop all the tasks which create the ssl directories since there are
being created by the openssl package which also creates the appropriate
symlinks. Finally, there is no need to generate the certificate on
localhost if only the OPNFV host consumes it, so move these steps to
the appropriate playbook.
Change-Id: I0045945c502013be3d76440876e894a44a092690
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
The tasks that manage the SSH keys are common across hosts and
also common across different installers. As such, lets move them
to a new file so we can share them more easily.
Change-Id: If235877394f224a47a2f2b8de748a2330eabcec1
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
* changes:
xci: bootstrap-host: Make active network interface consistent
xci: osa: Simplify tasks for copying OSA configuration files
xci: Use proper Ansible modules to manage SSH keys
|
|
Change-Id: Id448a38567975185b399ab54a34b39edf148a0ac
Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
|
|
This change brings the fix for
- cinder haproxy check for ha deployments
- pip related fixes
- fixes for lxc_hosts
Change-Id: I4af64041a4a76c10361456f73577e7c7040edf8a
Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
|
|
When we run XCI for the first time, Ansible picks the first active
interface as the default one. However, after we configure all the XCI
bridges etc, and we try to run this role again, Ansible may have changed
its mind about what interface is active and it could default to one of
the bridges. This forces the role to redo the network configuration but
this time the bridges are being attached to bridges so everything goes
terribly wrong after that. The way to solve this would be to add a local
fact about what interface should be considered as the 'real' default one
so subsequent calls to this role to not destroy the network.
This also drops the task which removed the network configuration files
on SUSE platforms since Ansible is smart enough to not touch them if
they are configured properly.
Change-Id: Ic0525e934b1934a40d69e6cf977615ab9b3dac6d
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
We can use a loop to copy all these files instead of multiple tasks.
This simplifies the playbook quite a bit.
Change-Id: I5f0d387ac090d81fc577b5ebeaeb6131e75cffa1
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
We can use the 'user', 'slurp' and 'authorized_key' modules
to manage the various SSH configurations across the hosts instead
of using command line tools.
Change-Id: I2dde4d584fc336e267868607d5a58f5ee2c1feed
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
|
|
|
|
|
|
It's best to define all the XCI variables before everything else
to ensure that all subsequent bifrost variables are properly
defined.
Change-Id: Id4a9e0c89e8dd32b852cfef6b9bb336c4b75f5a7
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Commit 0d332a80cf731e5927c81c9f6929a8b83d43cddd ("Add proxy support")
switched the default DNS server to the libvirt bridge. However, we only
need to override the default DNS if we are behind a proxy server.
Change-Id: I7d8fe8c10a1aba2db4a703a81e74ef76fa593d95
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
Rsync will update modification times on transferred files so Ansible
marks the task as 'changed' all the time even though the source and
destination files are the same. This is confusing for XCI developers
because they may think that there are local changes to the scenarios
which is not always the case. As such, compare the 'checksums' of the
actual files to determine if there are any changes that need to be
copied over. This requires us to turn off the 'archive' option and
use the individual options directly.
This fixes the following problem where in a typical XCI job, all
inbound scenarios appear to have changes which is not true.
Mar 26 15:10:24 TASK [Synchronize local changes to scenarios' master branch] *******************
Mar 26 15:10:24 ok: [localhost] => (item=os-odl-sfc)
Mar 26 15:10:25 changed: [localhost] => (item=os-nosdn-nofeature)
Mar 26 15:10:25 changed: [localhost] => (item=os-odl-nofeature)
Mar 26 15:10:25 changed: [localhost] => (item=k8-nosdn-nofeature)
Mar 26 15:10:26 ok: [localhost] => (item=os-odl-bgpvpn)
Change-Id: I14f446c341a675b286e971f0b5c0be14d04abb9d
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
The ansible-lint tool can help with maintaining consistency across all
the XCI playbooks, so lets introduce it early in the process to capture
common mistakes before the actual XCI deployment is executed. This
however needs to run after all the scenarios repositories have been
cloned and configured.
Change-Id: I28104429e3ac0cdbc48a003b163f4fb8c3acd8a7
Link: https://github.com/willthames/ansible-lint
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
In preparation for adding support for the 'ansible-lint' tool we fix
various problems in our playbooks to make the tool happy before we make
it mandatory.
Some of the problems that are fixed here are
- [ANSIBLE0011] All tasks should be named
- [ANSIBLE0012] Commands should not change things if nothing needs doing
- [ANSIBLE0013] Use shell only when shell functionality is required
- [ANSIBLE0010] Package installs should not use latest
installer-type:osa
deploy-scenario:os-nosdn-nofeature
Change-Id: I66c759d3932a414b81b2846393d2d98ce80c0b6d
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Commit 07747a53901e550280afb421b6fcbebc8994e93a ("xci: playbooks: Fix
synchronization of external scenarios") fixed copying of external
scenarios but broke internal ones because the regexp was wrong. The
variable was not evaluated properly so nothing was replaced for internal
scenarios. This also fixes a problem when the scenario and the role
names differ so we make sure that the role with the correct name is
created.
Change-Id: Idd7590d972841b5c03286b34757d7325b863c6bf
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
This is similar to eeb906a553d6ddf70ffc5af1acadb33a13ff5990 ("xci:
infra: bifrost: Set XCI_DISTRO if it's not defined") so we need to
define more XCI variables if we are running the standalone bifrost
jobs.
Change-Id: I112cfbfdda677174bdb0d0afef73f035c74cb79e
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
The code was supposed to copy everything from
{{ xci_path }}/{{ scenario.role }} to the XCI roles directory but
external scenarios have their 'role' attribute relative to their
repository whereas internal one have it relative to the {{ xci_path }}.
As such, changes to external scenarios were not copied successfully
to the playbooks directory and their changes where never tested.
This removes the 'xci/scenarios/$scenario' part of the inbound
roles attribute to make all them relative to the
xci/scenarios/$scenario directory.
Change-Id: Id28671b30c8ee4aa6bc186444c0e5a3a3ea3d89b
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
|
|
Now that all pip installations are managed in the same way we can
move them inside a global virtual environment to further isolate the
XCI artifacts from the rest of the system. Moreover, we further simplify
the initial package installation to install everything at once instead
of calling the package manager for every single package that we need.
Change-Id: I6a170d2439fae8b0653f3141e0e8bb8ead67657e
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
The XCI_DISTRO variable is normally set from the XCI deployment script.
However, on bifrost jobs, we don't run this script as part of XCI so we
need to ensure that this variable is set properly.
Change-Id: I295b65176bab6ccbdd12aa50449d3c021a88b43d
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
rsync may fail because the OPNFV VM doesn't exist if we failed quite
early in the process so hide any errors from the remote rsync operation
to avoid confusion.
Change-Id: I43dfb0a527165a186674178d12e6d00ffc61f580
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
David Blaisonneau is the main driver of introducing native
support for Pharos PDF/IDF in XCI. He has been also working
on stabilizing XCI framework and enabling baremetal deployments.
His contributions include
- creation of PDFs for baremetal PODs
- starting the work on improving the stabilization of the framework
- starting the work on introducing support for PDF/IDF
- deployment on baremetal
Change-Id: If4e71c7456e5e8f642b3e82b8ef356747431ed96
Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
|
|
Periyasamy Palanisamy onboarded SDNVPN project to XCI,
contributed various scenarios and made contributions to upstream
projects.
His contributions include
- creating os-odl-nofeature scenario
- integrating ovs into os-nosdn-nofeature scenario
- creating os-odl-bgpvpn scenario
- improving the framework
- reviewing changes
His contributions can be seen from following link:
https://gerrit.opnfv.org/gerrit/#/q/owner:periyasamy.palanisamy%2540ericsson.com+project:releng-xci+status:merged
Apart from contributing to XCI, he directly worked in upstream for
integrating different features and improving things. Some of his
contributions can be seen from following links:
https://review.openstack.org/#/q/owner:%22Periyasamy+Palanisamy+%253Cperiyasamy.palanisamy%2540ericsson.com%253E%22+status:merged
https://git.opendaylight.org/gerrit/#/q/project:integration/packaging/ansible-opendaylight+owner:periyasamy.palanisamy%2540ericsson.com+status:merged
Change-Id: I1b86938b8519e758801339fb8029f8b2dd1f7918
Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
|
|
Manuel Buil has been crucial onboarding OPNFV SFC Project to XCI.
His contributions include
- creating os-odl-sfc scenario on XCI
- developing role to integrate Functest into XCI
- working on establishing XCI developer workflow by being first project
to evaluate the XCI framework and provide feedback
- reviewing changes
His contributions can be seen from following link:
https://gerrit.opnfv.org/gerrit/#/q/owner:mbuil%2540suse.com+project:releng-xci+status:merged
Apart from contributions to XCI, he contributed to several upstream components
in order to onboard SFC to XCI.
- Taking over the Ansible Tacker Role implementation and finalizing it
- Integrating Tacker into OpenStack Ansible
- Enhancing Ansible Neutron Role and introducing ODL support
His contributions to upstream projects can be seen from following link:
https://review.openstack.org/#/q/owner:mbuil%2540suse.com+status:merged
https://git.opendaylight.org/gerrit/#/q/project:integration/packaging/ansible-opendaylight+owner:mbuil%2540suse.com+status:merged
Change-Id: I40756bfe5e7c962e6d8d6d5c3d53ef1699ae6428
Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
|
|
|
|
|