80 Commits

Author SHA1 Message Date
caoyuan
747e8f2057 Disable the ntp service when bootstrap-servers
since we use chrony container to adjust time by default, we no need
to enable ntp service, this ps to disable it.

Change-Id: I2f1fd9269c9f8cfd0c98e0e903ba69de692473a0
2018-08-03 08:48:05 +00:00
Zuul
3e45b2cbec Merge "Use include_tasks instead of include" 2018-07-27 08:16:08 +00:00
Jeffrey Zhang
b51eeed89e Use include_tasks instead of include
include is marked as deprecated since ansible 2.4[0]

[0] https://docs.ansible.com/ansible/2.4/include_module.html#deprecated

Co-Authored-By: confi-surya <singh.surya64mnnit@gmail.com>
Change-Id: Ic9d71e1865d1c728890625aeddf424a5734c0a8a
2018-07-25 23:57:22 +08:00
Mark Goddard
0cc2daa57d Fix sudoers in bootstrap-servers when user != group
In some cases we may want a configuration in which the kolla user's
primary group name is not the same as their username. Doing this
currently breaks the sudoers configuration, since user entries should
reference a user, or a group prefixed with a '%'.

There does not seem to be a good reason to give root privileges to the
entire group (which sometimes may be a shared group), so let's revert to
giving only the user root privileges.

See kayobe CI test [1] in which a different user and group were
configured, leading to permission denied when using kolla ansible.

[1] http://logs.openstack.org/53/581053/2/check/kayobe-overcloud-centos/a70168e

TrivialFix

Change-Id: I677778ebd0de58df0adfa2a8705f161ec5552283
2018-07-10 12:45:23 +01:00
Mark Goddard
8ec92df8e3 Make sudoers config optional in bootstrap-servers
In some environments it may not be desirable to modify the sudoers
configuration. This change makes this part of bootstrap-servers
optional, based on the create_kolla_user_sudoers variable.

Change-Id: I653403bfc5431741807edef57df58e05e679900b
2018-07-09 19:10:39 +01:00
Mark Goddard
2a69050e37 Append to kolla user groups in bootstrap-servers
This makes the bootstrap-servers command more idempotent, since without
the append argument set the kolla user will be removed from the docker
group before being added to it again in a later task.

TrivialFix

Change-Id: Iab0f6b5e18a103e9140631ee3ebbbb48c490bc24
2018-07-09 19:05:24 +01:00
Mark Goddard
4283dff9b4 Fix ownership of virtualenv in bootstrap-servers
In I86bf5e1df3d6568c4f1ca6f4757f08a3dd22754d, creation of the kolla user
was moved to after package installation to ensure the sudo package is
installed when required. This change does not work when python
dependencies are installed in a virtual environment however - when the
virtualenv variable is set.

This change moves the ownership change of the virtualenv to after the
kolla user has been created. It also uses the kolla_user and kolla_group
variables to set the user and group appropriately.

Change-Id: I320e5d611099ad162945a98d5505a79606da0eba
TrivialFix
2018-07-09 18:58:53 +01:00
Zuul
17cc67816f Merge "Option for enable SSL verification on docker registry" 2018-07-04 15:02:55 +00:00
Kevin Tibi
acfc4fd26a Option for enable SSL verification on docker registry
By default, kolla configure docker to use an insecure connection
with the private registry. If we want to use SSL verification we need
to add an option.

Change-Id: Id1805c9cfeb499da9bb56c70028f14c6f8bb20b6
2018-07-02 17:01:29 +02:00
fan_guiju
9ff5d5483e Add sudo package for bootstrap-servers
sudo package is required when we use ubuntu base on centos to deploy.

The following tasks belong to the environment check after
installation of environment-related software packages.
So, move to the post-install module.

    Create kolla user
    Add public key to kolla user authorized keys
    Grant kolla user passwordless sudo
    Ensure node_config_directory directory exists for user kolla
    Ensure node_config_directory directory exists

Change-Id: I86bf5e1df3d6568c4f1ca6f4757f08a3dd22754d
Closes-Bug: #1777571
2018-06-25 16:22:11 +08:00
Liping Mao (limao)
01be6a3b4e remove unused template file in baremetal role
Change-Id: I5f8598368ad93530d159816c004f27765b165afc
2018-06-07 16:37:24 +08:00
Kevin Tibi
b6bab5b931 Add custom option for docker
Some options can't be add in the daemon.json
The only way to configure daemon is to add option in the service file

Change-Id: I88697951ed6518f62bca30bb52288ad0e487ec03
2018-05-30 17:45:27 +02:00
Jeffrey Zhang
c567055176 Fix ansible warning
- rename action and serial to kolla_ansible and kolla_serial
- use become instead of "sudo <command>" in shell
- Remove quota for failed_when and changed_when in rabbitmq tasks

Change-Id: I78cb60168aaa40bb6439198283546b7faf33917c
Implements: blueprint migrate-to-ansible-2-2-0
2018-05-11 02:54:02 +00:00
Eduardo Gonzalez
ea1a1dee0d Verify YAML syntax in gates
This patchset implements yamllint test to all *.yml
files.

Also fixes syntax errors to make jobs to pass.

Change-Id: I3186adf9835b4d0cada272d156b17d1bc9c2b799
2018-03-26 17:56:22 +02:00
Zuul
2381fa89f6 Merge "Support virtualenv installation in baremetal role" 2018-03-24 15:00:01 +00:00
Zuul
7dc385577f Merge "Add a configuration about docker runtime directory" 2018-03-14 07:14:46 +00:00
Zuul
83573ca16e Merge "Use kolla_user variable to setting kolla user name" 2018-03-06 13:27:27 +00:00
zhubingbing
83fe717837 Use kolla_user variable to setting kolla user name
Change-Id: I653e16270aab539edcec6d8622f0a1c06d04b492
2018-02-27 15:39:27 +08:00
Zuul
dd694b2362 Merge "Fix the warning when reload the docker" 2018-02-26 09:46:17 +00:00
caoyuan
37ef38b6a3 Fix the warning when reload the docker
use systemd module to reload the docker service, rather than
command

Change-Id: I2e3b2299365701a08de4025d6ad34cb492b33fda
Closes-Bug: #1751690
2018-02-26 03:24:24 +00:00
Zuul
151d7fff55 Merge "Update task about selinux set." 2018-02-13 07:24:52 +00:00
David Rabel
12e0c5ae8e Use apt Ansible module instead of apt-get to update cache
Ansible recommends to use apt module instead of apt-get.
This patch fixes install.yml and pre-install.yml accordingly.

Change-Id: I3241ce332e7cf522786e78280643440a30a23875
Closes-Bug: #1747436
2018-02-05 15:38:17 +01:00
pengdake
4f98f08ffa Update task about selinux set.
1.Fix the invalid value about selinux policy
2.Update description of task about selinux.The permissive mode
need enable selinux.The parameter named "disable_selinux" is not good.
In order to customize selinux modes, we need a new
parameter named "selinux_state".

Closes-Bug: #1749046
Change-Id: I20c084cf2e46cc0de149afbd34c6dcb77a1051f4
2018-02-03 22:30:24 +08:00
Mark Goddard
69979efc2e Support virtualenv installation in baremetal role
Installing python packages directly to the system site-packages can
cause various problems, in particular when pip overwrites a system
package. Python virtualenvs are one solution to this issue, as they
allow python packages to be installed in an isolated environment.

This change adds support to the baremetal role for installing python
dependencies in a virtualenv. Typically we will need to enable use of
system site-packages from within this virtualenv, to support the use of
modules such as yum, apt, and selinux, which are not available on PyPI.

The path to the virtualenv is configured via the 'virtualenv' variable,
and access to site-packages is controlled via
'virtualenv_site_packages'.

When executing other kolla-ansible commands, the variable
'ansible_python_interpreter' should be set to the python interpreter
installed in 'virtualenv'. Note that this variable cannot be templated.

Change-Id: I0741923065246f9c5b168059fcd66504f2753c41
Related-Bug: #1731026
2018-01-21 08:59:49 +00:00
pengdake
f3e19ecf7b Add a configuration about docker runtime directory
Control the disk space used for Docker images, containers and
volumes is important for us.We need add configuration of
docker daemon to control the disk spaces used for docker images,
containers and volumes.

Change-Id: I3cf99f4e3f62c8406d37201b1cc24a83c68e3b27
Signed-off-by: pengdake <19921207pq@gmail.com>
2018-01-13 09:51:08 +08:00
Tone.Zhang
3886918c1f Change the docker daemon name in Debian 9 on Arm
Enable docker-ce on AArch64 platform in Debian.
Set the docker daemon name according to the existing of "dockerd" binary.

Closes-Bug: #1734255

Co-authored-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>

Change-Id: Ie0b3bac72b408dccf3fb99912b4fe2d4788705e5
Signed-off-by: Tone.Zhang <tone.zhang@arm.com>
2018-01-09 15:02:40 +08:00
Zuul
68d0a213b0 Merge "Unify global syntax in baremetal role" 2017-10-24 09:17:38 +00:00
Jenkins
002addc6da Merge "Added open-iscsi to default removals" 2017-09-25 09:27:37 +00:00
Eduardo Gonzalez
fa06dcd37b Fix ci gate failure
This patch includes three unrelated fixes.

Make qemu use nova user in centos
Libvirt 3.2.0 (latest version in centos) seems to
have changed behavior of dynamic_ownership.

Pin ansible to <2.4 to make ara work in gates
ARA does not work yet with ansible 2.4, this change
pins to lower version to make gates work.
Revert once ara works with 2.4

Disable selinux for oraclelinux and centos.

Co-Authored-By: wanghongxu <wang19930902@gmail.com>
Co-Authored-By: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Change-Id: Iac8bec19437192cd198d58f71c6ed0a65a76f820
Closes-bug: #1718541
2017-09-23 09:03:52 +08:00
Eduardo Gonzalez
aa0209c9a4 Unify global syntax in baremetal role
Baremetal roles does not keep common sytax used
in rest of the roles, even it baremetal role some
tasks differs in syntax with each others.

Change-Id: Ib04fe123501e2a3e829176953f20719a253999d3
2017-09-19 11:23:20 +02:00
James Benson
8e1940d47a ntpd behind proxy fails
Change-Id: I0447e90f53f9b04315bc4e6618e528351521e05d
Closes-Bug: #1705558
2017-07-23 03:09:00 +00:00
Jenkins
7333ae330f Merge "Upgrade from docker-py to docker" 2017-07-19 03:19:33 +00:00
Bertrand Lallau
8b5b3cef4e Clean some Boolean condition checks
* "bool" filter is removed when not required
* 'not' is used instead of '== False' check

Change-Id: I85a5bb9a5ea874ac1c397cbf8de416147d2424c3
2017-07-10 15:00:28 +00:00
Hongbin Lu
3daeea37ea Upgrade from docker-py to docker
The pypi package 'docker-py' [1] has been renamed to 'docker' [2].
It is better to move to the new 'docker' package because the old
package will be deprecated and all the new features will go into
the new package only.

Package 'docker' has been added to requirements [3]. The old
package 'docker-py' is still allowed to be in the global requirements
during the transition period but it should be removed after all or
most of the projects finsih the migration.

[1] https://pypi.python.org/pypi/docker-py
[2] https://pypi.python.org/pypi/docker
[3] https://review.openstack.org/#/c/423715/

Change-Id: Ibcd5a57a1fbf55dcc5a690e41f20917f95b63da0
2017-07-10 14:19:28 +00:00
Michel Rode
82fe7bc07a Added open-iscsi to default removals
The bootstrapping process should remove the open-iscsi package.
Otherwise the iscsid startup will failed.

Change-Id: I0c31c84f4486bd44c467fbaf7a26563e4dbc5ccf
2017-07-10 12:15:13 +00:00
Jenkins
8bcbf493f1 Merge "Adds NTP sync process to account for ceph time sync requirements. Removes precheck portion of NTP. Corrects for redhat Fixes typo" 2017-07-07 03:11:13 +00:00
Jenkins
9f80f2d8d7 Merge "Fix bootstrap-servers with invalid api_interface" 2017-07-05 00:21:09 +00:00
Bertrand Lallau
6c4d100911 Remove Ubuntu Trusty 14.04 related code
Removed code try to install Wily(15.10) kernel in case of Ubuntu
Trusty(14.04).
Last Openstack version supported on Ubuntu 14.04 is Mitaka.
Hence Ubuntu 14.04 related code can be safely remove from Ansible tasks
since Kolla Newton release.

Co-Authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
Change-Id: Ieca7975a69fb0ba8b49cc522f05e4beca1c2f526
2017-06-28 11:09:10 +02:00
James Benson
844ba6d4ba Adds NTP sync process to account for ceph time sync requirements.
Removes precheck portion of NTP.
Corrects for redhat
Fixes typo

Change-Id: Ic8d2cd3c2ba02f9f672db862a74950dc73753f2d
Closes-Bug: #1700121
2017-06-26 16:17:22 -05:00
Michal (inc0) Jastrzebski
2e3b6639fe Fix baremetal role idempotency
When you add new nodes to existing cluster, docker will restart
all anyway and that will break a lot, including mariadb.

Change-Id: Ie46f99a141f99480a87218ead4b76ba65f2edae9
Closes-Bug: #1699335
2017-06-21 11:04:19 -07:00
Mark Goddard
64b09d6eb0 Fix bootstrap-servers with invalid api_interface
When bootstrapping a host for kolla-ansible the 'kolla-ansible
bootstrap-servers' command can fail if for any of the hosts the
'api_interface' is invalid. This happen if the host does not have a
network interface matching 'api_interface'. This is possible on
a host running bifrost, as bifrost does not require the api_interface
variable to be set.

This change avoids adding a hosts entry for hosts in the bifrost group
that do not have a valid api_interface. It also avoids modifying the
hosts file on hosts in the bifrost group that do not have a valid
api_interface.

Change-Id: Ie111ef54130adf2556ce83c402cdbb5058ace4f6
Closes-bug: #1665364
2017-06-12 14:25:20 +01:00
Michal (inc0) Jastrzebski
f5354f55b1 Enable multinode gate
This patches changes deploy_gate quite a bit so in reality all
deployments will now assume multinode (even if it's single node). After
that we will refactor it even further to enable easy addition of new
scenerios.

Change-Id: I1faada46e6a7aa026128b2f01d77eabb04759439
2017-06-05 11:35:20 -07:00
shaofeng_cheng
7d23bd3712 Fix etc/hosts format with baremetal role
While is not an issue, just an style format,
etc/hosts generated by baremetal role have
some tabs where it shouldn't.

Change-Id: I90d82ea78b3dac7e8ec3f8cc546b67cc61c41536
Closes-Bug: #1692913
2017-05-25 10:43:28 +08:00
Pavel Glushchak
7aeb8a2af5 Fixed libvirt package removal
On RedHat libvirt is just a metapackage and it does
nothing with libvirt daemon itself if we remove it.
On Ubuntu the correct package name with libvirt daemon
is libvirt-bin.

Closes-Bug: #1690356
Change-Id: Ief8dfd8c038b10878621aefcc8f559aa20dc498b
Signed-off-by: Pavel Glushchak <pglushchak@virtuozzo.com>
2017-05-12 14:23:56 +03:00
zhuzeyu
b73f06684f Modify the permission of directory
Considering the safety, 644 is enough
other user is not necessary to having write permission.
adding 'su' in where needs writing permissions is a good practice
this operation is safer.

Change-Id: I45d0c6e5ef7338f93db21cf4ef58b4a4fd831210
2017-03-30 16:43:42 +08:00
Jenkins
9d0daa015a Merge "Enable sanity checks from kolla-ansible" 2017-03-09 17:31:51 +00:00
Paul Bourke
5418ada148 Enable sanity checks from kolla-ansible
Add a new subcommand 'check' to kolla-ansible, used to run the
smoke/sanity checks.

Add stub files to all services that don't currently have checks.

Change-Id: I9f661c5fc51fd5b9b266f23f6c524884613dee48
Partially-implements: blueprint sanity-check-container
2017-03-09 10:37:06 +00:00
caoyuan
c39e896e7c Update the file format for baremetal
Change-Id: I1e90b0aeebaa0db0b91370eccfc0b707d9668752
2017-03-02 05:46:18 +00:00
Jenkins
0a8e2a6206 Merge "Bump docker to 1.12 in bootstrap-servers" 2017-02-07 17:32:18 +00:00
Michal (inc0) Jastrzebski
b0e9b2f33e Bump docker to 1.12 in bootstrap-servers
I've seen issues with API versioning between docker 1.11 and docker-py
in containers. 1.12 seems fine. We should also pin docker-py version in
kolla-toolbox image.

Change-Id: I07d5f573176b79a3775dcab2748f428c114bd985
2017-01-31 19:49:56 +00:00