Age | Commit message (Collapse) | Author | Files | Lines |
|
This reverts commit 42501f0ef7e0f0729b1c780102fb9713ef383fb3.
This also removes the entire SSL management code and we let the
haproxy_server role generate the certificates for us.
We also need to bump the openrc role to include an upstream patch
which fixes the openrc template file.
deploy-scenario:os-nosdn-nofeature
installer-type:osa
Change-Id: I9bb590c9f1d5bc63519cfb4794dc15f794cc5b07
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
This change
- bumps OSA SHA to b9d9269528ecbe04b2638a73c2b0f49839f27422
- bumps bifrost SHA to 0d0cfd908d10a670668619c575fd338d1ff328b7
- Pins Ansible to 2.5.8. OSA is using 2.5.5 which has a bug in the pause
module so we need to use something newer.
Change-Id: Idf05bbef880db11de4a41464ae5080aa21a0613c
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
using kubespary to deploy the istio, kubespary support to deploy istio
installer-type:kubespray
deploy-scenario:k8-nosdn-istio
Change-Id: Id8c04936187c89fafa921dada382a0e9e11aab27
Signed-off-by: wutianwei <wutianwei1@huawei.com>
Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
|
|
The info is logged to the console before post-deployment tasks and
this makes it seeing the deployment status and login info inconvenient.
This change moves the logging to the end, after post-deployment.
Change-Id: Ic7e232a0b8343e666f54087fbcc09481ab59ca90
Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
|
|
This change
- bumps OSA SHA to cbfdb7dc295ff702044b807336fab067d84a3f20
(mostly based on Rocky RC1)
- bumps bifrost SHA to c1c6fb7487d5b967624400623fd35aabf303b917
- pins Ansible to 2.4.6.0
- switches to ollivier/functest-healtcheck since OS is bumped to Rocky
Change-Id: Icc14e3e794b489dafd78b426c54051a3732ccb1a
Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Deployment not working because of a bug. This bug gets fixed with the
new SHA
Change-Id: I91c6df6bf7ea10492265466ebdfbf4264492936b
Signed-off-by: Manuel Buil <mbuil@suse.com>
|
|
* changes:
xci: xci-destroy-env.sh: Update virtualbmc path
xci: create-vm-nodes: Install virtualbmc in the XCI virtualenv
xci: osa: Drop openSUSE mirror variables
|
|
we let downloads.opensuse.org redirect us to a good one since
the hardcoded one does not appear to work anymore. Ansible gets
upset if we feed it an empty variables file, so we set a couple
of variables there to make it happy.
Change-Id: I887522ebc71dd866d544e75beeff47af6111e059
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
This change integrates os-nosdn-osm scenario.
The installation of OSM is done as post-deployment. This is achieved by
the addition of the new playbook named post-deployment.yml in scenario
role folder.
This mechanism is available for all OpenStack scenarios. If anything
needs to be done for a specific scenario as part of the post-deployment,
it can be achieved by creating playbook post-deployment.yml.
If post-deployment.yml exists in scenario role, the framework will run
it once the regular deployment playbooks are run successfully. If the
file does not exist, it will be skipped.
The location of the post-deployment.yml is
releng-xci-scenarios/<scenario>/role/<scenario>/tasks/post-deployment.yml
This is only implemented for OpenStack scenarios currently and similar
mechanism is needed for K8S scenarios as well which will be implemented
in a separate change.
installer-type:osa
deploy-scenario:os-nosdn-osm
Change-Id: I16780abffca39699eb2f38f662479f0e4d551504
Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
|
|
The self-signed certificates are causing troubles so until we implement
a proper certificate chain in XCI we should disable the SSL endpoints.
Change-Id: Ife4ef78de1569121c435a806924a3f90917fd85b
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Switching to github.com for the gitclones did not make much of a
difference since we are still seeing randomg SSL failures during git
clones. So we can switch back to git://git.openstack.org hoping that
the git protocol will be more efficient than https. Moreover some
projects are moving away from github mirroring and this breaks our
tests.
Change-Id: I8188ec7cbfbf16eeb4634bd9a44b12a104ce1059
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
The spice-html5 repository moved from github to its own gitlab hosting
and that broke everything. As such, we update the OSA roles which
contain the correct URL for the new repository.
Change-Id: I3e2883c0436c9c93d2a8a338343ca3a75a1431e4
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
The bootstrap role configures NTP and networking on hosts so we
should use it on k8s deployments as well.
installer-type:kubespray
deploy-scenario:k8-nosdn-nofeature
Change-Id: I04bd1e1c2c325baabfb836bd8cca60c5f59344c7
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
The kubespray installer contains one inventory per flavor. We can get
rid of these files and use the dynamic inventory similar to OSA.
Moreover, we extend the dynamic inventory to read additional group
variables per flavor if necessary. This way we can still pass additional
information to inventory on per-flavor basis. This also fixes a typo
in the 'IDF' file. We also need to bump Ansible for kubespray since the
version we were using is having troubles with dynamic inventories.
Change-Id: Ic58101555f81aec5fee3c193608440aa89bbe445
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
1. this change bumps Kubespray SHA to the HEAD of "master" as of 16.05.2018
2. install ansible-modules-hashivault, due to kubespray refactor vault role
https://github.com/kubernetes-incubator/kubespray/commit/07cc98197187535619ac8e57ee4e04ae02631a5
installer-type:kubespray
deploy-scenario:k8-nosdn-nofeature
Change-Id: I2e3ade3b16eac1506e8556fe1820d84d64c09435
Signed-off-by: wutianwei <wutianwei1@huawei.com>
|
|
|
|
|
|
1. fix error that kube_require_packages is undefined
2. add "remote_user: root" in configure-kubenet.yml
if don't add this, it will have issue to connect host.
fatal: [opnfv]:UNREACHABLE! => {"changed": false, "msg":
"Failed to connect to thehost via ssh: Permission denied (publickey,password).\r\n",
"unreachable": true"}
installer-type:kubespray
deploy-scenario:k8-nosdn-nofeature
Change-Id: Ia8d1980ad18375c0cff3a97b284b0f53d7539e23
Signed-off-by: wutianwei <wutianwei1@huawei.com>
|
|
|
|
We need a patch in the ODL role to be able to deploy a stable ODL.
Before this patch, it is not possible to deploy with a stable
version of ODL and we are always deploying with the tip of the branch.
However, it is useful to deploy with a version which we know for sure
that it is working.
deploy-scenario:os-odl-sfc
installer-type:osa
Change-Id: I539a5afa41598f54c3eeb2f1096022c73aa942b9
Signed-off-by: Manuel Buil <mbuil@suse.com>
|
|
The XCI_ANSIBLE_PARAMS is used to pass extra Ansible parameters to XCI.
However, these parameters may not make sense when Ansible is running on
any of the remote nodes, so we should't use it there. If passing
information to "remote" Ansible is required, then we need to come up
with a new variable.
deploy-scenario:os-nosdn-nofeature
installer-type:osa
Change-Id: Ib6343fbfe3af1514c2e7e8948c12e3b19b455fe3
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
The PDF and IDF files contain all the information we need for the
virtual XCI deployment, so we can use it to create a dynamic inventory
and get rid of all the static ones which could easily get outdated
as PDF and IDF files evolve over time.
This inital version of the dynamic inventory contains a lot of
unnecessary generated information but we do that in order to ease
the migration from static files to the dynamic inventory. The dynamic
inventory will be improved in the future as we consume more and more
information from the PDF and IDF files.
Change-Id: Id9f07a61c67a5cffcbc18079a341e5d395020a27
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Container images have recently changed and this breaks lxc_hosts during
cache preparation as shown below:
May 04 07:59:47 fatal: [controller00]: FAILED! => {"ansible_job_id": "362521755821.32697",
"attempts": 1, "changed": true, "cmd": "chroot /var/lib/machines/ubuntu-xenial-amd64 /usr/local/bin/cache-prep-commands.sh
> /var/log/lxc-cache-prep-commands.log 2>&1", "delta": "0:00:00.018827", "end": "2018-05-04 07:59:45.614668",
"finished": 1, "msg": "non-zero return code", "rc": 1, "start": "2018-05-04 07:59:45.595841",
"stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
As such, we need to bump the SHA from the Queens branch to include the
fix in XCI.
We also need to bump SHA for repo_build role in order to bring
in some upstream fixes when cloning git repositories.
Change-Id: I9f04313f7eb1606e5e71ab8ecee7148d1c5b75ad
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Now that the scenario role is recorded as a local fact, we can
include the role directly directly so we don't need the the
intermediate file anymore.
deploy-scenario:os-nosdn-nofeature
installer-type:osa
Change-Id: Ia3c5658826f115538b2a103d987ee8f33d3048b9
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
We can use an XCI specific YAML file to add OSA options which are common
across flavors. Right now, it only overrides the default openSUSE mirror
to use a more stable one.
Change-Id: Iae7d542787ead33be1e64cdeda60761aa401cfde
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
Commit 269b5fc033b1ee8d14d9d4694f4f0d3765866c0a ("xci: installer: osa:
Fix status report when bootstrapping OSA") removed the 'chdir' parameter
by accident and this broke the OpenStack-Ansible bootstrapping. This
patch brings the missing parameter back.
Change-Id: I0ecfa0eb4c91a9f1dfa2d86a8a50bacdbd224533
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
|
|
The SSH keys for the OPNFV host have been configured in the
configure-opnfvhost.yml playbook so we shouldn't do that in a playbook
that is only meant to configure the target hosts. As such, fix the group
to use 'k8s-cluster' instead.
Since the targethosts playbook does not apply to all hosts anymore, we
can simply drop the list of required packages and only install 'netaddr'
on the OPNFV host which is the host that needs it. Similarly, the dbus
package is only needed on the targethosts.
Change-Id: I293ad83a3a95797d9025f2cddd7849be7b3a49da
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Move default k8s-cluster.yml from kubespray/files/ to
role/k8-nosdn-nofeature/files/k8s-cluster.yml since it's scenario
specific. Moreover, we set 'cloud' as kube_network_plugin, which would
use kubnet as network plugin. The kubenet network plugin requires
routing between to be setup by the administrator so we need to add
static routes on every host since they are connected using a bridge
instead of a router.
installer-type:kubespray
deploy-scenario:k8-nosdn-nofeature
Change-Id: I6ab7288c966d7f17e9d61279056f7673be37bebe
Signed-off-by: wutianwei <wutianwei1@huawei.com>
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Fixes the following ansible-lint warning
[WARNING]: While constructing a mapping from /home/devuser/releng-
xci/xci/installer/osa/playbooks/configure-opnfvhost.yml, line 113,
column 7,
found a duplicate dict key (args). Using last defined value only.
We also remove the changed_when value since we now use 'args' to get
proper status report.
Change-Id: I382e3183b66e590462fbcb8663d53cade0e5d92c
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
The upstream PR to include openSUSE support has been merged so we need
to bump the SHA to make it available in XCI.
Change-Id: Ida5bd05ce8b0c883b6d7582a495ca934ecc4b1f1
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
add the k8-nosdn-noeature and k8-canal-nofeature roles under scenarios directory
run different roles to configure the k8s-cluster according to the deploy scenario
installer-type:kubespray
deploy-scenario:k8-canal-nofeature
Change-Id: Ia96b01f79fb058e045c5b7d9d9aecb7f15a21e63
Signed-off-by: wutianwei <wutianwei1@huawei.com>
|
|
This change updates prepare-functest role for testing k8s scenarios
using functest healthcheck. The changes include
- update tasks to skip checking/creation of public gateway which
is needed for OpenStack based scenarios
- update run-functest.sh.j2 template and set the used docker image
name based on FUNCTEST_SUITE_NAME that is going to be used
- update run-functest.sh.j2 template and add commands needed to run
tests using functest-kubernetes-${FUNCTEST_SUITE_NAME} docker image
- update env.j2 to exclude setting the var EXTERNAL_NETWORK which is needed
for OpenStack based scenarios
Apart from updating the the prepare-functest role, a bug has also been fixed
by adding the fetching of xci.env for installer kubespray.
installer-type:kubespray
deploy-scenario:k8-nosdn-nofeature
Change-Id: Ia701db9748ea9509a2dc165341285fb189aa7266
Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
|
|
sfc scenario fails when running the functest snaps-healthcheck.
The reason is a race condition found in ODL Nitrogen.
This race condition is gone in ODL Oxygen. We need latest ODL role
to include the ODL Oxygen version
Depends-On: I59802f467a77ae755886e4cc389c2406e9d17d4c
deploy-scenario:os-odl-sfc
installer-type:osa
Change-Id: I6d575370834eabb1b6a0532f74e1b2fc733e500c
Signed-off-by: Manuel Buil <mbuil@suse.com>
|
|
|
|
|
|
|
|
The conditional was wrong since it was being treated as a string
instead of actually evaluating it as a boolean value.
Change-Id: I59802f467a77ae755886e4cc389c2406e9d17d4c
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
In the OpenStack-Ansible installers we are using the XCI ssl
certificates for the endpoints but in kubespray we are generating them
on the fly. In order to keep both setups as close as possible, we can
use the XCI certificates in kubespray as well.
Change-Id: I1ca55127fe747618205394c02b3d44bb573435f4
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
The tasks for creating and managing the XCI SSL certificates
can be shared between installers so move them to a common file.
Change-Id: I9df82517e737681420429a992aa8d68e78528fd4
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Drop the kubespray specific tasks for managing the SSH keys in favor of
the common ones.
Change-Id: Ib8e18fcc14c4c0126cae72740dbb33921a21af6b
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
|
|
(this commit fixes many things because they all need to be submitted
together to unblock the jobs)
Commit 9e1d3d6e62abf5d0da26a296bcd235f37a54d9c6 ("xci: playbooks: Fixes
various ansible-lint warnings") broke public key authentication from
localhost to the OPNFV host because the localhost pubkey was not
appended in the authorized_keys file. The reason for that was that the
task was skipped due to the 'creates' parameter. This is now fixed, by
dropping the check since we always need to append the localhost pubkey.
This is only a temporary solution until we modify kubespray to use the
common file for managing the SSH keys.
This also makes the final 'kubectl' move to /usr/local/bin non-fatal
since future kubespray releases put it there already.
The same commit also broke the k8s-cluster.yml overrides. This is
because the file was never copied across due to the task conditional
being wrong. As such, we fix the conditional to check for the correct
file.
Change-Id: I9cfb29eba50c7fea9df29581ebb015163b8a9754
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
The bootstrap script from the OpenStack-Ansible repository creates
several things in /opt/ansible-runtime and /usr/local/bin so we can
check if the final 'openstack-ansible' symlink exists in order to
report a proper status for that task and even skip if everything
is prepared already.
Change-Id: I4ca3a733746f8d757aa1156b533e4b4de90188e6
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Ansible already provides modules to create ssl certificates so we can
use these instead of running the openssl commands directly. Moreover, we
can drop all the tasks which create the ssl directories since there are
being created by the openssl package which also creates the appropriate
symlinks. Finally, there is no need to generate the certificate on
localhost if only the OPNFV host consumes it, so move these steps to
the appropriate playbook.
Change-Id: I0045945c502013be3d76440876e894a44a092690
Signed-off-by: Markos Chandras <mchandras@suse.de>
|