summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2018-04-06xci: kubespray: Generate and use SSL certificate for HAProxyMarkos Chandras2-0/+5
In the OpenStack-Ansible installers we are using the XCI ssl certificates for the endpoints but in kubespray we are generating them on the fly. In order to keep both setups as close as possible, we can use the XCI certificates in kubespray as well. Change-Id: I1ca55127fe747618205394c02b3d44bb573435f4 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-06xci: osa: Move SSL certification tasks to a new fileMarkos Chandras2-19/+36
The tasks for creating and managing the XCI SSL certificates can be shared between installers so move them to a common file. Change-Id: I9df82517e737681420429a992aa8d68e78528fd4 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-06xci: kubespray: Use the common tasks to manage the SSH keysMarkos Chandras2-25/+4
Drop the kubespray specific tasks for managing the SSH keys in favor of the common ones. Change-Id: Ib8e18fcc14c4c0126cae72740dbb33921a21af6b Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-06Merge "xci: kubespray: Fix failures to due task checks"Markos Chandras2-5/+6
2018-04-06Merge "xci: osa: Fix task status when bootstrapping OpenStack-Ansible"Markos Chandras1-0/+4
2018-04-06Merge "xci: bifrost: Use 'sudo' to install dependencies for bifrost jobs"Markos Chandras1-2/+4
2018-04-06Merge changes from topic 'common-ssh-manage-tasks'Markos Chandras4-111/+81
* changes: xci: osa: Use Ansible modules to create ssl certificates xci: osa: Move tasks for managing SSH keys to a new file
2018-04-05Merge "Correct mail address of Manuel Buil"Fatih Degirmenci1-1/+1
2018-04-04xci: kubespray: Fix failures to due task checksMarkos Chandras2-5/+6
(this commit fixes many things because they all need to be submitted together to unblock the jobs) Commit 9e1d3d6e62abf5d0da26a296bcd235f37a54d9c6 ("xci: playbooks: Fixes various ansible-lint warnings") broke public key authentication from localhost to the OPNFV host because the localhost pubkey was not appended in the authorized_keys file. The reason for that was that the task was skipped due to the 'creates' parameter. This is now fixed, by dropping the check since we always need to append the localhost pubkey. This is only a temporary solution until we modify kubespray to use the common file for managing the SSH keys. This also makes the final 'kubectl' move to /usr/local/bin non-fatal since future kubespray releases put it there already. The same commit also broke the k8s-cluster.yml overrides. This is because the file was never copied across due to the task conditional being wrong. As such, we fix the conditional to check for the correct file. Change-Id: I9cfb29eba50c7fea9df29581ebb015163b8a9754 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-04xci: osa: Fix task status when bootstrapping OpenStack-AnsibleMarkos Chandras1-0/+4
The bootstrap script from the OpenStack-Ansible repository creates several things in /opt/ansible-runtime and /usr/local/bin so we can check if the final 'openstack-ansible' symlink exists in order to report a proper status for that task and even skip if everything is prepared already. Change-Id: I4ca3a733746f8d757aa1156b533e4b4de90188e6 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-04xci: bifrost: Use 'sudo' to install dependencies for bifrost jobsMarkos Chandras1-2/+4
When bifrost jobs are being executed, the virtual environment hasn't been prepared yet because that's something that bifrost does later on. As such, we need to use sudo to install the required dependencies to avoid the following issue: Exception: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/pip/basecommand.py", line 215, in main status = self.run(options, args) File "/usr/lib/python2.7/site-packages/pip/commands/install.py", line 342, in run prefix=options.prefix_path, File "/usr/lib/python2.7/site-packages/pip/req/req_set.py", line 784, in install **kwargs File "/usr/lib/python2.7/site-packages/pip/req/req_install.py", line 851, in install self.move_wheel_files(self.source_dir, root=root, prefix=prefix) File "/usr/lib/python2.7/site-packages/pip/req/req_install.py", line 1064, in move_wheel_files isolated=self.isolated, File "/usr/lib/python2.7/site-packages/pip/wheel.py", line 345, in move_wheel_files clobber(source, lib_dir, True) File "/usr/lib/python2.7/site-packages/pip/wheel.py", line 316, in clobber ensure_dir(destdir) File "/usr/lib/python2.7/site-packages/pip/utils/__init__.py", line 83, in ensure_dir os.makedirs(path) File "/usr/lib64/python2.7/os.py", line 157, in makedirs mkdir(name, mode) OSError: [Errno 13] Permission denied: '/usr/lib/python2.7/site-packages/pbr' Change-Id: I081884ec18d27af19a053bf5b734f6f3846c60f1 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-04xci: osa: Use Ansible modules to create ssl certificatesMarkos Chandras2-51/+30
Ansible already provides modules to create ssl certificates so we can use these instead of running the openssl commands directly. Moreover, we can drop all the tasks which create the ssl directories since there are being created by the openssl package which also creates the appropriate symlinks. Finally, there is no need to generate the certificate on localhost if only the OPNFV host consumes it, so move these steps to the appropriate playbook. Change-Id: I0045945c502013be3d76440876e894a44a092690 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-03xci: osa: Move tasks for managing SSH keys to a new fileMarkos Chandras3-60/+51
The tasks that manage the SSH keys are common across hosts and also common across different installers. As such, lets move them to a new file so we can share them more easily. Change-Id: If235877394f224a47a2f2b8de748a2330eabcec1 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-03Merge changes from topic 'misc-simplifications-osa'Markos Chandras5-128/+178
* changes: xci: bootstrap-host: Make active network interface consistent xci: osa: Simplify tasks for copying OSA configuration files xci: Use proper Ansible modules to manage SSH keys
2018-04-03Correct mail address of Manuel BuilFatih Degirmenci1-1/+1
Change-Id: Id448a38567975185b399ab54a34b39edf148a0ac Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
2018-04-03shabump: Bump SHAs to bring cinder, lxc_hosts, and pip fixes inFatih Degirmenci2-8/+8
This change brings the fix for - cinder haproxy check for ha deployments - pip related fixes - fixes for lxc_hosts Change-Id: I4af64041a4a76c10361456f73577e7c7040edf8a Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
2018-03-28xci: bootstrap-host: Make active network interface consistentMarkos Chandras2-21/+50
When we run XCI for the first time, Ansible picks the first active interface as the default one. However, after we configure all the XCI bridges etc, and we try to run this role again, Ansible may have changed its mind about what interface is active and it could default to one of the bridges. This forces the role to redo the network configuration but this time the bridges are being attached to bridges so everything goes terribly wrong after that. The way to solve this would be to add a local fact about what interface should be considered as the 'real' default one so subsequent calls to this role to not destroy the network. This also drops the task which removed the network configuration files on SUSE platforms since Ansible is smart enough to not touch them if they are configured properly. Change-Id: Ic0525e934b1934a40d69e6cf977615ab9b3dac6d Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-28xci: osa: Simplify tasks for copying OSA configuration filesMarkos Chandras1-65/+48
We can use a loop to copy all these files instead of multiple tasks. This simplifies the playbook quite a bit. Change-Id: I5f0d387ac090d81fc577b5ebeaeb6131e75cffa1 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-28xci: Use proper Ansible modules to manage SSH keysMarkos Chandras3-42/+80
We can use the 'user', 'slurp' and 'authorized_key' modules to manage the various SSH configurations across the hosts instead of using command line tools. Change-Id: I2dde4d584fc336e267868607d5a58f5ee2c1feed Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-28Merge "xci: bifrost: Only use libvirt as DNS server if using proxy servers"Markos Chandras1-1/+5
2018-03-28Merge "xci: Check XCI playbooks using ansible-lint"Markos Chandras2-1/+47
2018-03-28Merge "xci: playbooks: Fixes various ansible-lint warnings"Markos Chandras8-26/+74
2018-03-28Merge "xci: get-opnfv-scenario-requirements: Use checksum for rsync updates"Markos Chandras1-0/+8
2018-03-28xci: infra: bifrost: Make sure XCI variables are defined firstMarkos Chandras1-7/+7
It's best to define all the XCI variables before everything else to ensure that all subsequent bifrost variables are properly defined. Change-Id: Id4a9e0c89e8dd32b852cfef6b9bb336c4b75f5a7 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-27xci: bifrost: Only use libvirt as DNS server if using proxy serversMarkos Chandras1-1/+5
Commit 0d332a80cf731e5927c81c9f6929a8b83d43cddd ("Add proxy support") switched the default DNS server to the libvirt bridge. However, we only need to override the default DNS if we are behind a proxy server. Change-Id: I7d8fe8c10a1aba2db4a703a81e74ef76fa593d95 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-27Merge "xci: infra: bifrost: Define more XCI variables for bifrost jobs"Markos Chandras1-0/+3
2018-03-26xci: get-opnfv-scenario-requirements: Use checksum for rsync updatesMarkos Chandras1-0/+8
Rsync will update modification times on transferred files so Ansible marks the task as 'changed' all the time even though the source and destination files are the same. This is confusing for XCI developers because they may think that there are local changes to the scenarios which is not always the case. As such, compare the 'checksums' of the actual files to determine if there are any changes that need to be copied over. This requires us to turn off the 'archive' option and use the individual options directly. This fixes the following problem where in a typical XCI job, all inbound scenarios appear to have changes which is not true. Mar 26 15:10:24 TASK [Synchronize local changes to scenarios' master branch] ******************* Mar 26 15:10:24 ok: [localhost] => (item=os-odl-sfc) Mar 26 15:10:25 changed: [localhost] => (item=os-nosdn-nofeature) Mar 26 15:10:25 changed: [localhost] => (item=os-odl-nofeature) Mar 26 15:10:25 changed: [localhost] => (item=k8-nosdn-nofeature) Mar 26 15:10:26 ok: [localhost] => (item=os-odl-bgpvpn) Change-Id: I14f446c341a675b286e971f0b5c0be14d04abb9d Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-26xci: Check XCI playbooks using ansible-lintMarkos Chandras2-1/+47
The ansible-lint tool can help with maintaining consistency across all the XCI playbooks, so lets introduce it early in the process to capture common mistakes before the actual XCI deployment is executed. This however needs to run after all the scenarios repositories have been cloned and configured. Change-Id: I28104429e3ac0cdbc48a003b163f4fb8c3acd8a7 Link: https://github.com/willthames/ansible-lint Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-26xci: playbooks: Fixes various ansible-lint warningsMarkos Chandras8-26/+74
In preparation for adding support for the 'ansible-lint' tool we fix various problems in our playbooks to make the tool happy before we make it mandatory. Some of the problems that are fixed here are - [ANSIBLE0011] All tasks should be named - [ANSIBLE0012] Commands should not change things if nothing needs doing - [ANSIBLE0013] Use shell only when shell functionality is required - [ANSIBLE0010] Package installs should not use latest installer-type:osa deploy-scenario:os-nosdn-nofeature Change-Id: I66c759d3932a414b81b2846393d2d98ce80c0b6d Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-26xci: get-opnfv-scenario-requirements: Fix local scenario syncMarkos Chandras1-4/+4
Commit 07747a53901e550280afb421b6fcbebc8994e93a ("xci: playbooks: Fix synchronization of external scenarios") fixed copying of external scenarios but broke internal ones because the regexp was wrong. The variable was not evaluated properly so nothing was replaced for internal scenarios. This also fixes a problem when the scenario and the role names differ so we make sure that the role with the correct name is created. Change-Id: Idd7590d972841b5c03286b34757d7325b863c6bf Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-26xci: infra: bifrost: Define more XCI variables for bifrost jobsMarkos Chandras1-0/+3
This is similar to eeb906a553d6ddf70ffc5af1acadb33a13ff5990 ("xci: infra: bifrost: Set XCI_DISTRO if it's not defined") so we need to define more XCI variables if we are running the standalone bifrost jobs. Change-Id: I112cfbfdda677174bdb0d0afef73f035c74cb79e Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-24Merge "xci: playbooks: Fix synchronization of external scenarios"Fatih Degirmenci1-1/+1
2018-03-24xci: playbooks: Fix synchronization of external scenariosMarkos Chandras1-1/+1
The code was supposed to copy everything from {{ xci_path }}/{{ scenario.role }} to the XCI roles directory but external scenarios have their 'role' attribute relative to their repository whereas internal one have it relative to the {{ xci_path }}. As such, changes to external scenarios were not copied successfully to the playbooks directory and their changes where never tested. This removes the 'xci/scenarios/$scenario' part of the inbound roles attribute to make all them relative to the xci/scenarios/$scenario directory. Change-Id: Id28671b30c8ee4aa6bc186444c0e5a3a3ea3d89b Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-23Merge "xci: install: Move all pip installations to virtualenv"Fatih Degirmenci4-54/+27
2018-03-23Merge "xci: files: install-lib.sh: Hide rsync errors"Fatih Degirmenci1-2/+2
2018-03-23xci: install: Move all pip installations to virtualenvMarkos Chandras4-54/+27
Now that all pip installations are managed in the same way we can move them inside a global virtual environment to further isolate the XCI artifacts from the rest of the system. Moreover, we further simplify the initial package installation to install everything at once instead of calling the package manager for every single package that we need. Change-Id: I6a170d2439fae8b0653f3141e0e8bb8ead67657e Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-23xci: infra: bifrost: Set XCI_DISTRO if it's not definedMarkos Chandras1-0/+4
The XCI_DISTRO variable is normally set from the XCI deployment script. However, on bifrost jobs, we don't run this script as part of XCI so we need to ensure that this variable is set properly. Change-Id: I295b65176bab6ccbdd12aa50449d3c021a88b43d Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-23xci: files: install-lib.sh: Hide rsync errorsMarkos Chandras1-2/+2
rsync may fail because the OPNFV VM doesn't exist if we failed quite early in the process so hide any errors from the remote rsync operation to avoid confusion. Change-Id: I43dfb0a527165a186674178d12e6d00ffc61f580 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-22Merge "xci: playbooks: Fix message on fail task for deployed scenario"Fatih Degirmenci1-2/+2
2018-03-22Merge "xci: files: xci-destroy-env.sh: Remove VMs from all flavors"Fatih Degirmenci1-2/+8
2018-03-22Merge "xci: osa: Configure the ARA callback plugin on OPNFV host"Fatih Degirmenci2-1/+27
2018-03-22Merge "xci: Install the ARA callback plugin"Fatih Degirmenci2-3/+30
2018-03-22Merge "xci: files: install-lib.sh: Install pip packages as user"Fatih Degirmenci1-5/+1
2018-03-22Merge "xci: files: Move Ansible installation to a library file"Fatih Degirmenci3-162/+177
2018-03-22Merge "xci: kubespray: Add experimental support for openSUSE"Fatih Degirmenci2-0/+10
2018-03-22Nomination of David Blaisonneau as XCI committerFatih Degirmenci1-0/+5
David Blaisonneau is the main driver of introducing native support for Pharos PDF/IDF in XCI. He has been also working on stabilizing XCI framework and enabling baremetal deployments. His contributions include - creation of PDFs for baremetal PODs - starting the work on improving the stabilization of the framework - starting the work on introducing support for PDF/IDF - deployment on baremetal Change-Id: If4e71c7456e5e8f642b3e82b8ef356747431ed96 Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
2018-03-22Nomination of Periyasamy Palanisamy as XCI committerFatih Degirmenci1-0/+5
Periyasamy Palanisamy onboarded SDNVPN project to XCI, contributed various scenarios and made contributions to upstream projects. His contributions include - creating os-odl-nofeature scenario - integrating ovs into os-nosdn-nofeature scenario - creating os-odl-bgpvpn scenario - improving the framework - reviewing changes His contributions can be seen from following link: https://gerrit.opnfv.org/gerrit/#/q/owner:periyasamy.palanisamy%2540ericsson.com+project:releng-xci+status:merged Apart from contributing to XCI, he directly worked in upstream for integrating different features and improving things. Some of his contributions can be seen from following links: https://review.openstack.org/#/q/owner:%22Periyasamy+Palanisamy+%253Cperiyasamy.palanisamy%2540ericsson.com%253E%22+status:merged https://git.opendaylight.org/gerrit/#/q/project:integration/packaging/ansible-opendaylight+owner:periyasamy.palanisamy%2540ericsson.com+status:merged Change-Id: I1b86938b8519e758801339fb8029f8b2dd1f7918 Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
2018-03-22Nomination of Manuel Buil as XCI committerFatih Degirmenci1-5/+5
Manuel Buil has been crucial onboarding OPNFV SFC Project to XCI. His contributions include - creating os-odl-sfc scenario on XCI - developing role to integrate Functest into XCI - working on establishing XCI developer workflow by being first project to evaluate the XCI framework and provide feedback - reviewing changes His contributions can be seen from following link: https://gerrit.opnfv.org/gerrit/#/q/owner:mbuil%2540suse.com+project:releng-xci+status:merged Apart from contributions to XCI, he contributed to several upstream components in order to onboard SFC to XCI. - Taking over the Ansible Tacker Role implementation and finalizing it - Integrating Tacker into OpenStack Ansible - Enhancing Ansible Neutron Role and introducing ODL support His contributions to upstream projects can be seen from following link: https://review.openstack.org/#/q/owner:mbuil%2540suse.com+status:merged https://git.opendaylight.org/gerrit/#/q/project:integration/packaging/ansible-opendaylight+owner:mbuil%2540suse.com+status:merged Change-Id: I40756bfe5e7c962e6d8d6d5c3d53ef1699ae6428 Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
2018-03-22Merge "Nomination of Tianwei Wu as XCI committer"Fatih Degirmenci1-0/+10
2018-03-22Merge "Connect ODL CI-CD to XCI"Fatih Degirmenci3-3/+19