summaryrefslogtreecommitdiffstats
path: root/xci/playbooks
AgeCommit message (Collapse)AuthorFilesLines
2017-09-29Check if /etc/ssl/certs exists before creating itTapio Tallgren2-3/+10
In CentOS and Suse, /etc/ssl/certs is a symbolic link to /etc/ssl/pki/tls/certs. The Ansible module "file" will fail if it is asked to create a directory which is already a symbolic link. This patch will check if /etc/ssl/certs exists before trying to create it. The same check is done both on the host and the opnfv guest VM. Also, /etc/certs is only writable by root, so we need a "become: true" clause to be able to modify it in localhost (but not in opnvf VM). Change-Id: Iab6c3c162548f84ad6082829e4a7c2ab63d2cfa0 Signed-off-by: Tapio Tallgren <tapio.tallgren@nokia.com>
2017-09-29Merge changes from topic 'fix-vm-on-jenkins'Markos Chandras2-14/+2
* changes: xci: xci-deploy.sh: Apply workaround for checking db cluster on SUSE xci: playbooks: synchronize-time: Fix service name for openSUSE xci: configure-opnfvhost: Do not run 'remove-folders' xci: scripts: build-dib-os.sh: Pin diskimage-builder xci: configure-opnfvhost: Do not check /etc/ssl/certs on SUSE
2017-09-28xci: playbooks: synchronize-time: Fix service name for openSUSEMarkos Chandras1-1/+1
In openSUSE, the chrony service is 'chronyd'. Change-Id: Ifb946b0ba49783108a84dd5b998d9d45f5c9df51 Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-28Ensure the pinned versions of components match to the pinned OSAFatih Degirmenci1-2/+9
The versions for the OpenStack services and global requirements need to be pinned alongside with the OSA SHA1 and the role versions to ensure we pinned everything. This change is required for osa-periodic jobs as well since that job will use sources-branch-updater.sh script and the script updates these files to ensure things are pinned correctly. modified: ansible-role-requirements.yml modified: global-requirement-pins.txt modified: playbooks/defaults/repo_packages/openstack_services.yml modified: releasenotes/notes/glance-init-config-overrides-d1c8c3dcc50c109a.yaml modified: releasenotes/notes/neutron-init-config-overrides-9d1d2b3b908705ed.yaml modified: releasenotes/notes/trove-init-config-overrides-a78ed428a32adef8.yaml By doing this change, we do not need to have any magic to capture updates to those files. Just updating the files we keep in xci/file folder will be sufficient and they get copied over during the playbook execution. Change-Id: Iae0db22574a0368e896132469a8587d1457ce177 Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
2017-09-28xci: configure-opnfvhost: Do not run 'remove-folders'Markos Chandras1-13/+0
The OPNFV node is brand new and it doesn't have any traces of XCI directories so there is no point in running the 'remove-folders' role. Change-Id: Ic9b9203cc14abda2dab406de6a5feeef6a1b7e2a Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-28xci: configure-opnfvhost: Do not check /etc/ssl/certs on SUSEMarkos Chandras1-0/+1
This is similar to Ibc188b76f47c4f7d1c5aa452a21e838420d65e6a /etc/ssl/certs is a symlink so skip this task on SUSE. Change-Id: Iae38640501748dc3dd802ce795acfaeefd836c97 Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-27Remove the quotes from the IPManuel Buil1-1/+1
Functest complains that it cannot connect to the installer because it does not understand the ip or hostname. The cause for this is the quotes in the template Change-Id: I75c30b7f1bbcee3f968692b4347ceb13ab1131d2 Signed-off-by: Manuel Buil <mbuil@suse.com>
2017-09-27Create a role which prepares xci for functestManuel Buil5-3/+65
Functest requires xci deployment to have: - A public neutron network - A subnet attached to the public neutron network - The gateway from the subnet attached to one interface The network and subnet creation are done via a script instead of using Ansible OpenStack module in order to get things working asap. These three tasks are implemented in a role This patch depends on a pending patch: https://gerrit.opnfv.org/gerrit/#/c/39517/2 Change-Id: I0635227153087fd9e25b76f0859f82bf48bfb930 Signed-off-by: Manuel Buil <mbuil@suse.com> Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
2017-09-22Merge "Install docker and shade on opnfv host"Fatih Degirmenci1-0/+12
2017-09-22Merge changes from topic 'split-variable-creation-to-task'Markos Chandras1-0/+1
* changes: xci: configure-localhost: Do not check /etc/ssl/certs on SUSE xci: xci-deploy.sh: Ensure env_reset is not present
2017-09-22Merge changes from topic 'split-variable-creation-to-task'Markos Chandras1-29/+0
* changes: xci: Move the destroy-env.sh script to xci-deploy.sh xci: provision-vm-nodes.yml: Merge plays
2017-09-22Merge "Override ansible role versions only if OSA version is not master"Markos Chandras1-0/+2
2017-09-22Install docker and shade on opnfv hostFatih Degirmenci1-0/+12
Docker is needed for running tests against the deployment. Shade is needed for managing OpenStack via Ansible. This change adds tasks to install docker and shade on opnfv host if it is run as part of CI. Users should be free to install these if they want so it is not installed for them by default. Change-Id: Idfd0f02312cc5e1b0180ed2408755a8c730b987b Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
2017-09-21xci: configure-localhost: Do not check /etc/ssl/certs on SUSEMarkos Chandras1-0/+1
/etc/ssl/certs is a symlink so skip this task on SUSE. Change-Id: Ibc188b76f47c4f7d1c5aa452a21e838420d65e6a Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-21xci: Move the destroy-env.sh script to xci-deploy.shMarkos Chandras1-16/+0
There is no particular need to execute the bash script using Ansible. Lets move it to the xci-deploy.sh script instead. Change-Id: I0fa91195d9c3647bb4766d76c28892e2f13e1e98 Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-21xci: playbooks: Include distribution var files dynamicallyMarkos Chandras3-4/+3
This is a continuation of I0a49e2ed8d811bb40a99612462752f8691133e0f We need to convert these two plays to include the variable files dynamically similar to the rest of the playbook. Change-Id: I43203651ccafb03e015bfe4d1b075a7ee96b5adc Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-21xci: provision-vm-nodes.yml: Merge playsMarkos Chandras1-16/+3
There is no need to have multiple plays executed on a single host group so merge them all together into a single one. Change-Id: Ie190cdecfbdcba48f75b21aa5930e1d9b8392aa0 Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-21xci: Gain elevated privileges to remove the XCI_DEVEL_ROOT directoryMarkos Chandras2-0/+23
This is similar to 0927671781f6875926dac2e5f4bb10816e67070c. We need elevated privileges to remove the XCI_DEVEL_ROOT directory so move this role to its own play. Change-Id: Ice4f030eeb28cd24a6166f11a5a792ab3df8880c Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-21xci: Move VM provisioning to xci-deploy.shMarkos Chandras1-11/+0
The bifrost-provision.sh script will provision machines using Ansible playbooks. If we run this script in an Ansible playbook, that means that we will run Ansible with Ansible and this can only lead to further confusion when debugging issues. As such, since we already have a script to provision machines, lets use it directly from the xci-deploy.sh script. This also reverts 3f04e1fd72b14420788af64b14c35a5f74727f82 which added virtualenv support in bifrost since that causes more problems than it fixes for the time being. Change-Id: Id82b7c06a2af28b66f64f1966227888227ec276f Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-18xci: provision-vm-nodes: Use sudo to remove the XCI directoryMarkos Chandras1-2/+9
Since I00d77e1fc62cccda7920af3469af9d44247780f4 the entire XCI_DEVEL_ROOT is being removed. However, some of the files are owned by root so we need elevated privileges to remove these files and directories Change-Id: Ie10018ded198b922077e38fa5776fca098418192 Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-18Merge "Ensure XCI_DEVEL_ROOT is removed"Fatih Degirmenci1-0/+1
2017-09-18Ensure XCI_DEVEL_ROOT is removedFatih Degirmenci1-0/+1
It is important to start with a clean XCI_DEVEL_ROOT in order to ensure the leftovers from the previous deployment doesn't result in successful or failed deployments due to not having it in sync with the latest updates. Change-Id: I00d77e1fc62cccda7920af3469af9d44247780f4 Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
2017-09-17xci: synchronize-time: Install the chrony package and drop Xenial referenceMarkos Chandras1-13/+14
The roles should pull all the packages they need so we need to install the 'chrony' package everywhere and also drop the Xenial reference since there is nothing Ubuntu specific here. Change-Id: I51fb24573c0e884f8a96868e304b23140cc23b41 Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-17xci: configure-nfs: Install the NFS server packageMarkos Chandras3-2/+8
We need to explicitly install the nfs server package instead of bundling it to the dib image since not every node needs it. Change-Id: I73f59f4ed582359df80ea08712b433537c087aea Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-17xci: configure-nfs: Add SUSE supportMarkos Chandras3-2/+12
Add ability to restart the NFS server on SUSE hosts. Change-Id: Id5f0edb399151c62302b2e36bb9451ed35501d3f Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-17xci: configure-network: Add ability to configure network on SUSE hostsMarkos Chandras4-5/+77
Change-Id: I42c6f5f07ac87b5599758947fabe5fce36d44a2e Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-17Override ansible role versions only if OSA version is not masterFatih Degirmenci1-0/+2
If OSA version is set to master, we should use the role versions directly from upstream to ensure we do not cause issues by the use of wrong role versions. Change-Id: I26005d23944445bf287384f90c7f2e139224ab23 Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
2017-09-15xci: playbooks: Add task for loading distribution variablesMarkos Chandras4-15/+49
vars_files doesn't support loading files with variables in their names. As such we add a new task to include these files before running any of the roles. This fixes warnings like this: Info: Starting provisining VM nodes using openstack/bifrost ------------------------------------------------------------------------- No config file found; using defaults skipping vars_file '../var/{{ ansible_os_family }}.yml' due to an undefined variable skipping vars_file '../var/{{ ansible_os_family }}.yml' due to an undefined variable skipping vars_file '../var/{{ ansible_os_family }}.yml' due to an undefined variable skipping vars_file '../var/{{ ansible_os_family }}.yml' due to an undefined variable skipping vars_file '../var/{{ ansible_os_family }}.yml' due to an undefined variable skipping vars_file '../var/{{ ansible_os_family }}.yml' due to an undefined variable Change-Id: I0a49e2ed8d811bb40a99612462752f8691133e0f Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-15Merge "Generate and use certificates for OSA"Fatih Degirmenci2-1/+64
2017-09-14Generate and use certificates for OSAYolanda Robla2-1/+64
Instead of making OSA to generate self signed certs, bring our own and pass them. By this way we will be able to trust in that certs, and start consuming OpenStack easily. It will also generate proper openrc file to source it and start consuming the cloud properly. Change-Id: Ic72a8b05e6efb222926fc5fa0800e033b2dbd22f Closes-Bug: RELENG-266 Signed-off-by: Yolanda Robla <yroblamo@redhat.com>
2017-09-14synchronize-time: Retry if chrony failed due to NTP issuesMarkos Chandras1-0/+4
chrony randomly fails with the following issue TASK [synchronize-time : synchronize time] ************************************* fatal: [controller00]: FAILED! => {"changed": true, "cmd": "chronyc -a 'burst 4/4' && chronyc -a makestep", "delta": "0:00:00.004991", "end": "2017-09-14 19:30:37.561972", "failed": true, "rc": 1, "start": "2017-09-14 19:30:37.556981", "stderr": "", "stdout": "200 OK\n503 No such source", "stdout_lines": ["200 OK", "503 No such source"],"warnings": []} As such, lets retry a few more times before giving up. Change-Id: I20767bb3031061c03c9ba8dbc65859c7312bfac9 Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-09-04bugfix: Add symlinks for interface files for additional hostsFatih Degirmenci3-0/+3
This is a temporary fix to get noha and ha flavors working. We should normally use bifrost inventory and have templates for opnfv, controller, and compute groups rather than per host basis. But since that is still pending to be done, this change tries to make sure what we have now continues working. Change-Id: I9132c474754f4d11d1b9e4b1288b449703994db8 Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
2017-08-25xci: playbooks: configure-nfs: Prepare for multi-distro supportMarkos Chandras2-34/+51
There is nothing Ubuntu specific in this role apart from the nfs server service name. As such we remove the block statement and make the service name configurable in order to prepare for multidistribution support. Change-Id: I3c8202315fc49b5e5afc2a0d03eaf80d83db5f4c Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-08-25xci: playbooks: configure-network: Prepare for multi-distro supportMarkos Chandras6-9/+213
Move the network templates inside the role since it's their only user. Moreover, remove the arguments when we include the role in playbooks and move the distro logic to the role itself. Change-Id: I938686fdb31b9896b9e97339799a0edd4c34bf36 Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-08-16Refactor releng/prototypes/xci to releng-xci/xci in the codeDave Urschatz3-18/+18
These changes are needed as part of migrating xci from releng repo to the releng-xci repo. They cover: - README updates - Re-point configuration from releng/prototypes to releng-xci The changes have been tested as follows: - XCI_FLAVOR=aio - OPENSTACK_OSA_VERSION=adfaa66d6108f87599e0595591b39cad2c8fb658 xci: aio has been installed real 107m5.310s user 11m50.180s sys 4m11.152s ubuntu@rack-IRA2-SymKloudBlade4:~/releng-xci/xci$ Change-Id: I8fd86c2442ee3a7c6996eedb6510dbc6eebd30b0 Signed-off-by: Dave Urschatz <dave.urschatz@cengn.ca>
2017-08-11Fix missing python packages for password generationJuan Vidal Allende1-0/+7
These packages are needed by pw-token-gen.py tool Change-Id: Ib9d165274449551a469e201da9feeffac5a7a4cf Signed-off-by: Juan Vidal Allende <juan.vidal.allende@ericsson.com>
2017-08-11Define an extra vars path and copy into playbooksYolanda Robla1-0/+9
This will allow to define the XCI_EXTRA_VARS_PATH, that can contain group_vars/all (or any other valid files), and those will be copied inside releng and bifrost playbooks. Change-Id: I95e4b0bfb67f26bfa1eb10c97096784eb7f3a87a Signed-Off-By: Yolanda Robla <yroblamo@redhat.com>
2017-08-11prototypes: xci: Look for SSH keys in $HOME directoryMarkos Chandras1-1/+1
We no longer run everything as root so we need to look for SSH keys in the appropriate home directory. Change-Id: Iae1f7eb80059e7d369c8e0c8b6c33c6a4f673f94 Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-08-11prototypes: xci: Move host keys away from / directoryMarkos Chandras2-2/+9
Putting the host keys in '/' requires root privileges so it's best if we place them in the same directory like the rest of the XCI files. Change-Id: I030ed3d6cbb57bb984a78aeffb4eca2bd5c10bb0 Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-08-11prototypes: xci: Add ability to use local repositories for testingMarkos Chandras3-0/+85
When developing XCI features it's useful to be able to use the local repositories rather than cloning them from git since that makes it harder to test local modifications against XCI. As such, we add three new variables which can be used to hold local paths to the bifrost, releng and openstack-ansible repositories. We are still cloning the repositories but we then use the 'synchronize' Ansible module to copy modified files from the local repositories. Change-Id: I6d593ea48d8b9c51415d9d0848f77a498ef2f486 Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-08-11prototypes: xci: configure-localhost: Use 'connection: local'Markos Chandras1-1/+1
Since we are operating on localhost, there is no need to do that via ssh so we use 'connection: local' instead. Moreover, we do not need to execute everything as root so we drop the remote user directive. Change-Id: Ib2127edad29e2da1cd1beebf42cb8f0d278ce3ad Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-08-11prototypes: xci: provision-vm-nodes: Do not provision VMs as root.Markos Chandras1-1/+16
There is no need to provision VM nodes as root. The only thing that we need to run as root is the destroy-env.sh script and for that we move it to its own play so we can use Ansible's become directive. Moreover, since this playbook operates on localhost we can use 'connection: local' so we don't have to execute everything via ssh and possibly speed up the whole process. Change-Id: Ia9efd5f30e95385b5cf193dde352f93551846c0e Signed-off-by: Markos Chandras <mchandras@suse.de>
2017-08-11xci: Ensure ansible is bootstrapped as last stepFatih Degirmenci1-8/+8
Role requirements file is used during ansible bootstrap on opnfv host so we must ensure the right ansible role requirements is there in advance. Change-Id: I2c5a1edd82a51cbbe1469c31f37b5d638d32ec27 Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
2017-08-11xci: Always use pinned versions of openstack-ansible-requirementsJuan Vidal1-2/+0
Pinned versions used to be used only if XCI_LOOP == 'daily', but it seems to be required, otherwise this is very likely to fail Change-Id: I21f638bba75846a58b12373a903d414fa89b4bc6 Signed-off-by: Juan Vidal <juan.vidal.allende@ericsson.com>
2017-08-11xci: Merge configure-targethosts.yml playbooks into oneFatih Degirmenci2-6/+36
They are exactly same now after moving nfs to compute00. Change-Id: I9d9d2f037aa3684ba130ae0a4f9aef2e733f2d2e Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
2017-08-11xci: Change cinder backend and move nfs to compute00Fatih Degirmenci1-6/+13
This change - switches cinder backend from lvm to nfs as examplified in [1]. - moves nfs shares from compute01 to compute00 in order to merge configure-targethosts.yml playbook in upcoming change. - updates openstack_user_config.yml to reflect the switch to nfs and move of nfs server to compute00. - removes exports file due to switching to lineinfile module. [1] https://docs.openstack.org/project-deploy-guide/openstack-ansible/draft/app-config-prod.html Change-Id: I0715c98a89ab124256e3857c1047e374f261e39b Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
2017-08-11xci: Force sync timeFatih Degirmenci1-0/+18
For some reason, when the nodes are provisioned, they are out of sync time-wise. This prevents neutron agents on compute nodes from starting and then everything fails. This change restarts chrony after the network configuration is updated and the nodes have internet access and force synchs time on nodes. Change-Id: Ib27b1fa0313223b52fa2e6229d5a179581d62686 Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
2017-08-11xci: Fix network configurationFatih Degirmenci1-6/+24
This change - sets static IP for controller nodes' vxlan bridges as stated in osa documentation: compute and network hosts must have an IP [1] - configures IPs for controller nodes' vxlan bridges. - removes the additional vlan ip from compute nodes as it seems to be there for all in one. - removes glean.rules as they mess with the network configuration once the network changes are applied. - removes the contents of interfaces.d as osa populates config for lxc bridges and includes this config in interfaces file thus all the files in interfaces.d must be removed in order not to mess with the network configuration. - updates modules appropriately. [1] https://docs.openstack.org/project-deploy-guide/openstack-ansible/draft/app-config-prod.html Change-Id: I84d5f07216c8d0246da06080fb0ed19f917d6637 Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
2017-08-11xci: Fix images directory permissionsFatih Degirmenci1-1/+1
Change-Id: Ibc1b9662bb9865c0e309128327d620324ddca85c Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
2017-08-11xci: Introduce XCI_LOOP variable to control what to do properlyFatih Degirmenci1-0/+2
XCI has different jobs/loops to run - patchset verification jobs (currently bifrost and osa in future) - periodic jobs (bifrost and osa) - daily jobs (for OPNFV platform deployment and testing) The same scripts/playbooks used by XCI will also be used by developers. We need to do different things depending on the context the scripts and playbooks are executed. - periodic jobs will use latest of everything to find working versions of the components. (periodic osa will use unpinned role requirements for example) - daily jobs will use pinned versions in order to bring up the platform and run OPNFV testing against it. (daily deployment will use pinned versions and role requirements for example) - developers might choose to use pinned versions or latest Depending on what loop we are running, we need to do things differently in scripts and playbooks. This variable will help us to do this in easy way. We can of course do pattern matching of the job name but it will not work if the scripts are used outside of Jenkins. The default loop for non-Jenkins execution is set to daily as we want developers to use working versions unless they change it to something else intentionally. Change-Id: Iff69c77ae3d9db2c14de1783ce098da9e9f0c83d Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>