The 'provisioning_network_uuid' and 'cleaning_network_uuid' options have
been deprecated for 'provisioning_network' and 'cleaning_network'
respectively.
These options now allow either a network UUID or name. The tasks to
determine a UUID from a given network name should no longer be
necessary, but if a deployer provides a UUID prioritize that over the
name within the ironic.conf template.
Change-Id: I85f197e56ced6a73dd470c0625b6d9b5958f5159
This change adds support for the oneview drivers (agent, iscsi).
Note that changes on the ironic installation will occur only when
the oneview drivers are being used (agent_pxe_oneview or
iscsi_pxe_oneview are in the ironic_openstack_driver_list). This
means that this patch should not change anything on the the default
ironic installation (using agent_ipmitool driver).
Change-Id: I969df888c6a8b68e7a1a0643b46eee4b546ec13c
This patch ensures that all directories under `/openstack/venvs`
are created with `0755` permissions by default. This prevents
permission denied errors when running certain commands from the
virtual environment.
Change-Id: Id93d49a4bd6ce2a056d41aea54ec9299d9d32b5c
Fixes the ability to deploy a venv in cases where:
1) developer_mode is not enabled
2) A cached venv is not downloaded from the repo server
Additional cleanup to the developer_mode venv deployment
logic is implemented by adding a *_venv_download var
which is used to decouple developer_mode from the
cached venv extraction process so that a deployer
can force venv builds in-place (disable cached
venv usage) without enabling developer mode
constraints.
Change-Id: Ie16f861b9abdc5887365bb58c9eec427f55cb177
The api_url value is wrong and causes gate failures now that the value
is tested by the ironic server when it starts up.
Change-Id: I7d63135a74b6472a284495f04d7c04dc553f53ad
This patch adds a task to copy ldlinux.c32 to the tftp directory
when on ubuntu 16.04. Also, changed the copy tasks to a unique
task making use of the copy module with 'remote_src: True'.
Change-Id: I4a71c198ad11d293e15f8a80bc1dcd0c6e6aa479
This patch adds the ability to specify a cleaning and provisioning
network for Ironic. If none are specified then Ironic continues to
function as it does now.
Ironic role will calculate the UUID of the neutron network assuming a
network name is provided.
Additionally, this is added to testing by configuring a network to add
with the network-name.
Change-Id: I9be6f351c0da292ac8b861d2168e73d1861e1603
Post install tasks in os_ironic role don't quote password
values, having shell special characters in password is
resulting in failed runs.
Closes-Bug: 1647248
Change-Id: If7fefb112ffdee8d9ee162b1f0bc0bbe10528e3e
please see https://github.com/fireteam/virtualenv-tools/issues/5
This make installation of the virtualenv impossible on CentOS7 since
you endup with python > python2.7 and python2.7 > python
lrwxrwxrwx. 1 root root 9 Nov 24 20:49 python -> python2.7
lrwxrwxrwx. 1 root root 6 Nov 14 20:03 python2 -> python
lrwxrwxrwx. 1 root root 6 Nov 14 20:03 python2.7 -> python
Change-Id: I87628ad30523e34bc3fa5abd454860d90663737f
Related-Bug: #1637509
Partial-Bug: #1644629
Reinitializes (copies python, etc binaries) into the venv when
dropping a new venv into place. This is needed because the Python
binary packaged with the venv may not match the Python running on
the host it is being installed to. (ie. in the case of a Xenial
repo container and a Trusty target host.)
Change-Id: I8d0ac69bfca3757134086dbd0cb12be88473b6f8
Partial-Bug: #1637509
On CentOS /run/lock is created by /usr/lib/tmpfiles.d/legacy.conf file
which can be run after other conf we create for opentack services.
This patch rename the service files to openstack-service.conf to ensure
it is ran after legacy.conf
Change-Id: I745d62a70667f8e89fc15f0c07eb011a47c3dbe9
This patch removes some extra tasks for detecting systemd and uses
the fact instead.
Partial-Bug: #1640125
Change-Id: Idf2b46b0665540aa52d3be549186f6f226828906
Ansible 2.2 now treats the 'name' argument for the pip module
as a list, removing the need for us to implement the join
filter to optimise the install execution.
Change-Id: I1e3d9cc108298a1942493259bae459b036e73c0b
This fix tmpfile when multiple services runs in the same host with systemd.
Add ironic_lock_path vars to configure lock path
Change-Id: I7c4b6a356b321c65718af3cc5b3818b7f9a61e58
Starting in Ansible 2.0, the get_url [1] module provides the
ability for a checksum to be provided to the get_url module
which will be verified against the local destination file
and the task skipped if it matches.
[1] http://docs.ansible.com/ansible/get_url_module.html
This patch implements the use of this functionality.
The ability to ignore a venv download failure is also removed
as this is not necessary or desirable. It is better for the
download to fail and the playbook execution to stop immediately
so that the failure point is exposed.
Change-Id: I8b7b76521d38c0dd842c32545644fe43129c0354
The current constraints generation for the
installation involves multiple tasks and multiple
variables.
Using multiple tasks extends the installation time
unnecessarily and the additional variables are
unnecessary.
This patch aims to simplify the mechanism and
hopes to speed it up a little.
Change-Id: Ie860ef9bc223621140205d465298c4009b86118a
This change removes the use of 'ignore_errors: true' because it causes deployers
to see red output and a stacktrace, which traditionally means something is broken,
even when the failure is known to have a fall back option or be intentional. This
conversion will provide a generally cleaner interface.
It should be noted that the 'failed' filter will still function normally. Tasks
with the 'failed_when: false' option will still be marked as 'failed' in any
registered variable. This change simply makes the output look cleaner.
Change-Id: I7067a541362c826579fc7d17abf86fe9ddc89bee
Closes-Bug: #1633438
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Ansible 2.1.1 introduces a regression in the way conditional
includes are handled which results in every task in the
included file being evaluated even if the condition for the
include is not met. This extends the run time significantly
for a deployment.
This patch forces all conditional includes to be dynamic.
Change-Id: I634d7ba7c7d59b21cffd3cddfdc28717bbe91a86
Related-Bug: https://github.com/ansible/ansible/issues/17687
Update the rootwrap filter config file copy task to handle
looking up rootwrap filter files using 'with_fileglob' to avoid
having to maintain the task with each addition or removal of these
files.
Change-Id: I768ba7415408c1c5dbd66e9fe57788d41587742c
In order to make it easier to differentiate between the lists of
python packages, distribution packages, downloaded packages,
package pins and other similar variables the variable names are
being changed to ensure that they have a more explicit suffix
that defines the purpose and makes the naming more consistent.
This is to facilitate a lookup plugin which will be able to look
up all the package lists and present them as a consolidated piece
of data which may be used for artifact preparation.
Change-Id: I6f61216d318ea1adbcbf544066e9c71205fa5daf
The numerous tags within the role have been condensed
to two tags: ironic-install and ironic-config
These tags have been chosen as they are namespaced
and cover the two major functions of the role.
Change-Id: I1ddbf229f4a3665c2c6fc798b39882d137c536d1
The current method of installing the distribution packages required is
set in the tasks and cannot be changed by a deployer.
Currently the apt task always installs the latest package. This results
in unexpected binary changes when a deployer may simply be trying to
execute a configuration change.
This patch adds the ability for a deployer to change the desired state
so that the results are predictable.
Change-Id: I16a81da2b61cd69bafc59ac113fe546a748e8675
When a task is included, contains variables within the
include, and loads other tasks with conditionals that
iterate (using a lookup plugin) Ansible will spinlock for
~30 seconds per item per task. To resolve this the iteration
using the lookup plugin was removed and the task broken out
into individual tasks.
Change-Id: I2f979c950217f85340fbb22a8c9151b5605753f7
Unlike the Ansible apt module, the Ansible pip module does not
recognise a with_items list and process all the items at once.
To optimise the pip install tasks, this patch replaces the use
of with_items with a join filter so that the pip install task
does an install with all the packages in a list, ensuring that
the execution is one action instead of many.
Change-Id: I1bd9d6f8e9ccd338e7417fa583d5a218ea499181
Remove all tasks and variables related to toggling between installation
of ironic inside or outside of a Python virtual environment.
Installing within a venv is now the only supported deployment.
Additionally, a few changes have been made to make the creation of the
venv more resistant to interruptions during a run of the role.
* unarchiving a pre-built venv will now also occur when the venv
directory is created, not only after being downloaded
* virtualenv-tools is run against both pre-built and non pre-built venvs
to account for interruptions during or prior to unarchiving
Change-Id: I9df953f69eb86606ce8a6fe9f77e60c710549b8e
Implements: blueprint only-install-venvs
Currently all pip install tasks only require the package to be
present. This means that when an environment undergoes a minor
upgrade the package is not upgraded to the same version that
was tested with. This ultimately results in a deployed
environment that does not match the tested environment.
While for the services installed into venvs this is not an
issue, it does affect those which do not use venvs and any
packages which are installed outside of a venv or on top
of a venv.
This patch changes the behaviour to ensure that the install
task will always use the latest available package. In
developer_mode this will mean using the version specified
in upper-constraints, and in an integrated build this will
mean the version which is available in the wheel repo's
folder for the tag.
Change-Id: I75eb265b9634d7c2524d48212c9a2af2c39dc128
this change forces ironic to interact with the OpenStack InternalURL
instead of trying to use the public one. This is needed to ensure Ironic
isn't instructing it's nodes to retrieve user images from a public address
that they may not have access to.
Change-Id: Ibfeba53c2be802c51a3edc386e50fcbab8d0b01b
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This change addresses two issues:
1 - the tftpd-hpa package has to be installed on all conductors
regardless of standalone more or not.
2 - the tftpd-hpa has an issue where is till not function over
ipv4 unless expressly set. To resolve this issue the default
configuration file has been changed to lockdown the listen
address and set the port. This is the related launchpad issue
for tftp-hpa [0]
[0] - https://bugs.launchpad.net/ubuntu/+source/tftp-hpa/+bug/1448500
Change-Id: I9861de0a0384661a27f0971f77ab340f4c1d59e3
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This change makes is intended to simplify the the ironic.conf file
so that we only carry what is needed. In the file we're setting the
swift configuration section when not in stand alone mode and the
keystone_auth section has been updated for the options that ironic
requires.
URI testing for ironic's rest API has been updated to run the tests
using a header for the authentication token. This is required now that
the keystone_auth section is filled in.
Co-Authored-By: Michael Davies <michael@the-davies.net>
Change-Id: Ic6bd466e6fa03c2382424666588c306bad473e99
Partially-implements: blueprint role-ironic
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Currently the logic that determines whether to copy in pxelinux.0
and chain.32 is broken. These files can just be copied in
without the stat checks.
Change-Id: I1445a60d764f02f5020e69475ae374b64cf5c4cf
This patch implements an initial set of inventory and playbooks
which results in the successful convergence of a standalone
build of Ironic.
It also adds the rootwrap filters, implement config_template
for all the conf files appropriately and ensures that the sudoers
is implemented in the right order of execution.
All content is based from the head of stable/mitaka on
24 Mar 2016.
Change-Id: I9182951c394a8c52826480aba7bc7e4d437988c5
Now that auth token usage is deprecated, prefer the admin
user and password for all service setup tasks run against
keystone.
Change-Id: I177bdff0e789f43f192253dce886d0e5bf10a4b5
This change removes the database creation and messaging tasks
from this role as the role should expect to be given a database
and message queue.
These tasks will be added in a subsequent patch which implements
a set of testing playbooks.
Change-Id: I2a26b2178b0245c5f72dbec201e2191fe4e6543e
