Age | Commit message (Collapse) | Author | Files | Lines |
|
In CentOS and Suse, /etc/ssl/certs is a symbolic link to
/etc/ssl/pki/tls/certs. The Ansible module "file" will fail if it is asked to
create a directory which is already a symbolic link.
This patch will check if /etc/ssl/certs exists before trying to create it.
The same check is done both on the host and the opnfv guest VM.
Also, /etc/certs is only writable by root, so we need a "become: true" clause
to be able to modify it in localhost (but not in opnvf VM).
Change-Id: Iab6c3c162548f84ad6082829e4a7c2ab63d2cfa0
Signed-off-by: Tapio Tallgren <tapio.tallgren@nokia.com>
|
|
* changes:
xci: xci-deploy.sh: Apply workaround for checking db cluster on SUSE
xci: playbooks: synchronize-time: Fix service name for openSUSE
xci: configure-opnfvhost: Do not run 'remove-folders'
xci: scripts: build-dib-os.sh: Pin diskimage-builder
xci: configure-opnfvhost: Do not check /etc/ssl/certs on SUSE
|
|
In openSUSE, the chrony service is 'chronyd'.
Change-Id: Ifb946b0ba49783108a84dd5b998d9d45f5c9df51
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
The versions for the OpenStack services and global requirements
need to be pinned alongside with the OSA SHA1 and the role versions
to ensure we pinned everything.
This change is required for osa-periodic jobs as well since that
job will use sources-branch-updater.sh script and the script updates
these files to ensure things are pinned correctly.
modified: ansible-role-requirements.yml
modified: global-requirement-pins.txt
modified: playbooks/defaults/repo_packages/openstack_services.yml
modified: releasenotes/notes/glance-init-config-overrides-d1c8c3dcc50c109a.yaml
modified: releasenotes/notes/neutron-init-config-overrides-9d1d2b3b908705ed.yaml
modified: releasenotes/notes/trove-init-config-overrides-a78ed428a32adef8.yaml
By doing this change, we do not need to have any
magic to capture updates to those files. Just updating the files
we keep in xci/file folder will be sufficient and they get copied
over during the playbook execution.
Change-Id: Iae0db22574a0368e896132469a8587d1457ce177
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
The OPNFV node is brand new and it doesn't have any traces
of XCI directories so there is no point in running the
'remove-folders' role.
Change-Id: Ic9b9203cc14abda2dab406de6a5feeef6a1b7e2a
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
This is similar to Ibc188b76f47c4f7d1c5aa452a21e838420d65e6a
/etc/ssl/certs is a symlink so skip this task on SUSE.
Change-Id: Iae38640501748dc3dd802ce795acfaeefd836c97
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Functest complains that it cannot connect to the installer because it does
not understand the ip or hostname. The cause for this is the quotes in the
template
Change-Id: I75c30b7f1bbcee3f968692b4347ceb13ab1131d2
Signed-off-by: Manuel Buil <mbuil@suse.com>
|
|
Functest requires xci deployment to have:
- A public neutron network
- A subnet attached to the public neutron network
- The gateway from the subnet attached to one interface
The network and subnet creation are done via a script
instead of using Ansible OpenStack module in order to
get things working asap.
These three tasks are implemented in a role
This patch depends on a pending patch:
https://gerrit.opnfv.org/gerrit/#/c/39517/2
Change-Id: I0635227153087fd9e25b76f0859f82bf48bfb930
Signed-off-by: Manuel Buil <mbuil@suse.com>
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
|
|
* changes:
xci: configure-localhost: Do not check /etc/ssl/certs on SUSE
xci: xci-deploy.sh: Ensure env_reset is not present
|
|
* changes:
xci: Move the destroy-env.sh script to xci-deploy.sh
xci: provision-vm-nodes.yml: Merge plays
|
|
|
|
Docker is needed for running tests against the deployment.
Shade is needed for managing OpenStack via Ansible.
This change adds tasks to install docker and shade on opnfv
host if it is run as part of CI.
Users should be free to install these if they want so it is
not installed for them by default.
Change-Id: Idfd0f02312cc5e1b0180ed2408755a8c730b987b
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
/etc/ssl/certs is a symlink so skip this task on SUSE.
Change-Id: Ibc188b76f47c4f7d1c5aa452a21e838420d65e6a
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
There is no particular need to execute the bash script using Ansible.
Lets move it to the xci-deploy.sh script instead.
Change-Id: I0fa91195d9c3647bb4766d76c28892e2f13e1e98
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
This is a continuation of I0a49e2ed8d811bb40a99612462752f8691133e0f
We need to convert these two plays to include the variable files
dynamically similar to the rest of the playbook.
Change-Id: I43203651ccafb03e015bfe4d1b075a7ee96b5adc
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
There is no need to have multiple plays executed on a single host group
so merge them all together into a single one.
Change-Id: Ie190cdecfbdcba48f75b21aa5930e1d9b8392aa0
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
This is similar to 0927671781f6875926dac2e5f4bb10816e67070c. We need
elevated privileges to remove the XCI_DEVEL_ROOT directory so move this
role to its own play.
Change-Id: Ice4f030eeb28cd24a6166f11a5a792ab3df8880c
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
The bifrost-provision.sh script will provision machines using Ansible
playbooks. If we run this script in an Ansible playbook, that means that
we will run Ansible with Ansible and this can only lead to further
confusion when debugging issues. As such, since we already have a script
to provision machines, lets use it directly from the xci-deploy.sh
script. This also reverts 3f04e1fd72b14420788af64b14c35a5f74727f82 which
added virtualenv support in bifrost since that causes more problems than
it fixes for the time being.
Change-Id: Id82b7c06a2af28b66f64f1966227888227ec276f
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Since I00d77e1fc62cccda7920af3469af9d44247780f4 the entire XCI_DEVEL_ROOT
is being removed. However, some of the files are owned by root so we
need elevated privileges to remove these files and directories
Change-Id: Ie10018ded198b922077e38fa5776fca098418192
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
It is important to start with a clean XCI_DEVEL_ROOT in order to
ensure the leftovers from the previous deployment doesn't result
in successful or failed deployments due to not having it in sync
with the latest updates.
Change-Id: I00d77e1fc62cccda7920af3469af9d44247780f4
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
The roles should pull all the packages they need so we need to install
the 'chrony' package everywhere and also drop the Xenial reference since
there is nothing Ubuntu specific here.
Change-Id: I51fb24573c0e884f8a96868e304b23140cc23b41
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
We need to explicitly install the nfs server package instead of bundling
it to the dib image since not every node needs it.
Change-Id: I73f59f4ed582359df80ea08712b433537c087aea
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Add ability to restart the NFS server on SUSE hosts.
Change-Id: Id5f0edb399151c62302b2e36bb9451ed35501d3f
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Change-Id: I42c6f5f07ac87b5599758947fabe5fce36d44a2e
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
If OSA version is set to master, we should use the role versions
directly from upstream to ensure we do not cause issues by the
use of wrong role versions.
Change-Id: I26005d23944445bf287384f90c7f2e139224ab23
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
vars_files doesn't support loading files with variables in their names.
As such we add a new task to include these files before running any of
the roles. This fixes warnings like this:
Info: Starting provisining VM nodes using openstack/bifrost
-------------------------------------------------------------------------
No config file found; using defaults
skipping vars_file '../var/{{ ansible_os_family }}.yml' due to an undefined variable
skipping vars_file '../var/{{ ansible_os_family }}.yml' due to an undefined variable
skipping vars_file '../var/{{ ansible_os_family }}.yml' due to an undefined variable
skipping vars_file '../var/{{ ansible_os_family }}.yml' due to an undefined variable
skipping vars_file '../var/{{ ansible_os_family }}.yml' due to an undefined variable
skipping vars_file '../var/{{ ansible_os_family }}.yml' due to an undefined variable
Change-Id: I0a49e2ed8d811bb40a99612462752f8691133e0f
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
Instead of making OSA to generate self signed certs, bring our
own and pass them.
By this way we will be able to trust in that certs, and start
consuming OpenStack easily.
It will also generate proper openrc file to source it and start
consuming the cloud properly.
Change-Id: Ic72a8b05e6efb222926fc5fa0800e033b2dbd22f
Closes-Bug: RELENG-266
Signed-off-by: Yolanda Robla <yroblamo@redhat.com>
|
|
chrony randomly fails with the following issue
TASK [synchronize-time : synchronize time]
*************************************
fatal: [controller00]: FAILED! => {"changed": true, "cmd": "chronyc -a 'burst 4/4' && chronyc -a makestep", "delta": "0:00:00.004991", "end":
"2017-09-14 19:30:37.561972", "failed": true, "rc": 1, "start": "2017-09-14 19:30:37.556981", "stderr": "", "stdout": "200 OK\n503 No
such source", "stdout_lines": ["200 OK", "503 No such source"],"warnings": []}
As such, lets retry a few more times before giving up.
Change-Id: I20767bb3031061c03c9ba8dbc65859c7312bfac9
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
This is a temporary fix to get noha and ha flavors working.
We should normally use bifrost inventory and have templates for
opnfv, controller, and compute groups rather than per host basis.
But since that is still pending to be done, this change tries to
make sure what we have now continues working.
Change-Id: I9132c474754f4d11d1b9e4b1288b449703994db8
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
There is nothing Ubuntu specific in this role apart from the nfs server
service name. As such we remove the block statement and make the service
name configurable in order to prepare for multidistribution support.
Change-Id: I3c8202315fc49b5e5afc2a0d03eaf80d83db5f4c
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Move the network templates inside the role since it's their only user.
Moreover, remove the arguments when we include the role in playbooks and
move the distro logic to the role itself.
Change-Id: I938686fdb31b9896b9e97339799a0edd4c34bf36
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
These changes are needed as part of migrating xci from releng repo to the releng-xci repo.
They cover:
- README updates
- Re-point configuration from releng/prototypes to releng-xci
The changes have been tested as follows:
- XCI_FLAVOR=aio
- OPENSTACK_OSA_VERSION=adfaa66d6108f87599e0595591b39cad2c8fb658
xci: aio has been installed
real 107m5.310s
user 11m50.180s
sys 4m11.152s
ubuntu@rack-IRA2-SymKloudBlade4:~/releng-xci/xci$
Change-Id: I8fd86c2442ee3a7c6996eedb6510dbc6eebd30b0
Signed-off-by: Dave Urschatz <dave.urschatz@cengn.ca>
|
|
These packages are needed by pw-token-gen.py tool
Change-Id: Ib9d165274449551a469e201da9feeffac5a7a4cf
Signed-off-by: Juan Vidal Allende <juan.vidal.allende@ericsson.com>
|
|
This will allow to define the XCI_EXTRA_VARS_PATH, that can
contain group_vars/all (or any other valid files), and those
will be copied inside releng and bifrost playbooks.
Change-Id: I95e4b0bfb67f26bfa1eb10c97096784eb7f3a87a
Signed-Off-By: Yolanda Robla <yroblamo@redhat.com>
|
|
We no longer run everything as root so we need to look for SSH keys
in the appropriate home directory.
Change-Id: Iae1f7eb80059e7d369c8e0c8b6c33c6a4f673f94
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Putting the host keys in '/' requires root privileges so
it's best if we place them in the same directory like the
rest of the XCI files.
Change-Id: I030ed3d6cbb57bb984a78aeffb4eca2bd5c10bb0
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
When developing XCI features it's useful to be able to use the local
repositories rather than cloning them from git since that makes
it harder to test local modifications against XCI. As such, we add
three new variables which can be used to hold local paths to the
bifrost, releng and openstack-ansible repositories. We are still
cloning the repositories but we then use the 'synchronize' Ansible
module to copy modified files from the local repositories.
Change-Id: I6d593ea48d8b9c51415d9d0848f77a498ef2f486
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Since we are operating on localhost, there is no need to do that via ssh
so we use 'connection: local' instead. Moreover, we do not need to
execute everything as root so we drop the remote user directive.
Change-Id: Ib2127edad29e2da1cd1beebf42cb8f0d278ce3ad
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
There is no need to provision VM nodes as root. The only thing that we
need to run as root is the destroy-env.sh script and for that we move
it to its own play so we can use Ansible's become directive. Moreover,
since this playbook operates on localhost we can use 'connection: local'
so we don't have to execute everything via ssh and possibly speed up
the whole process.
Change-Id: Ia9efd5f30e95385b5cf193dde352f93551846c0e
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
|
Role requirements file is used during ansible bootstrap on opnfv
host so we must ensure the right ansible role requirements is there
in advance.
Change-Id: I2c5a1edd82a51cbbe1469c31f37b5d638d32ec27
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
Pinned versions used to be used only if XCI_LOOP == 'daily', but it
seems to be required, otherwise this is very likely to fail
Change-Id: I21f638bba75846a58b12373a903d414fa89b4bc6
Signed-off-by: Juan Vidal <juan.vidal.allende@ericsson.com>
|
|
They are exactly same now after moving nfs to compute00.
Change-Id: I9d9d2f037aa3684ba130ae0a4f9aef2e733f2d2e
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
This change
- switches cinder backend from lvm to nfs as examplified in [1].
- moves nfs shares from compute01 to compute00 in order to merge
configure-targethosts.yml playbook in upcoming change.
- updates openstack_user_config.yml to reflect the switch to nfs
and move of nfs server to compute00.
- removes exports file due to switching to lineinfile module.
[1] https://docs.openstack.org/project-deploy-guide/openstack-ansible/draft/app-config-prod.html
Change-Id: I0715c98a89ab124256e3857c1047e374f261e39b
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
For some reason, when the nodes are provisioned, they are out
of sync time-wise. This prevents neutron agents on compute nodes
from starting and then everything fails.
This change restarts chrony after the network configuration is updated
and the nodes have internet access and force synchs time on nodes.
Change-Id: Ib27b1fa0313223b52fa2e6229d5a179581d62686
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
This change
- sets static IP for controller nodes' vxlan bridges as stated
in osa documentation: compute and network hosts must have an IP [1]
- configures IPs for controller nodes' vxlan bridges.
- removes the additional vlan ip from compute nodes as it seems to
be there for all in one.
- removes glean.rules as they mess with the network configuration once
the network changes are applied.
- removes the contents of interfaces.d as osa populates config for
lxc bridges and includes this config in interfaces file thus all the
files in interfaces.d must be removed in order not to mess with the
network configuration.
- updates modules appropriately.
[1] https://docs.openstack.org/project-deploy-guide/openstack-ansible/draft/app-config-prod.html
Change-Id: I84d5f07216c8d0246da06080fb0ed19f917d6637
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
Change-Id: Ibc1b9662bb9865c0e309128327d620324ddca85c
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
XCI has different jobs/loops to run
- patchset verification jobs (currently bifrost and osa in future)
- periodic jobs (bifrost and osa)
- daily jobs (for OPNFV platform deployment and testing)
The same scripts/playbooks used by XCI will also be used by developers.
We need to do different things depending on the context the scripts
and playbooks are executed.
- periodic jobs will use latest of everything to find working versions
of the components. (periodic osa will use unpinned role requirements
for example)
- daily jobs will use pinned versions in order to bring up the platform
and run OPNFV testing against it. (daily deployment will use pinned
versions and role requirements for example)
- developers might choose to use pinned versions or latest
Depending on what loop we are running, we need to do things differently
in scripts and playbooks. This variable will help us to do this in easy way.
We can of course do pattern matching of the job name but it will not
work if the scripts are used outside of Jenkins.
The default loop for non-Jenkins execution is set to daily as we want
developers to use working versions unless they change it to something
else intentionally.
Change-Id: Iff69c77ae3d9db2c14de1783ce098da9e9f0c83d
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|