diff --git a/.ansible-lint b/.ansible-lint index 2f810e8ad..d427d52b2 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,6 +1,5 @@ skip_list: # FIXME: gradually fix and remove these exclusions: - - '204' # Lines should be no longer than 160 chars - '206' # Variables should have spaces before and after: {{ var_name }} - '208' # File permissions not mentioned - '301' # Commands should not change things if nothing needs doing diff --git a/playbooks/install.yaml b/playbooks/install.yaml index 8b42f3b97..691f213da 100644 --- a/playbooks/install.yaml +++ b/playbooks/install.yaml 
@@ -23,8 +23,23 @@ config_project_name: "{{ keystone.bootstrap.project_name }}" config_region_name: "{{ keystone.bootstrap.region_name }}" config_auth_url: "{{ keystone.bootstrap.public_url }}" - - { role: bifrost-create-dib-image, dib_imagename: "{{ http_boot_folder }}/ipa", build_ramdisk: false, dib_os_element: "{{ ipa_dib_os_element|default('debian') }}", dib_elements: "ironic-python-agent-ramdisk {{ ipa_extra_dib_elements | default('') }}", when: create_ipa_image | bool == true } - - { role: bifrost-create-dib-image, dib_imagename: "{{ deploy_image }}", dib_imagetype: "qcow2", dib_elements: "{{ dib_image_type|default('vm') }} enable-serial-console {{ dib_init_element|default('simple-init') }} {{ extra_dib_elements|default('') }}", when: create_image_via_dib | bool == true and transform_boot_image | bool == false } + - role: bifrost-create-dib-image + dib_imagename: "{{ http_boot_folder }}/ipa" + build_ramdisk: false + dib_os_element: "{{ ipa_dib_os_element|default('debian') }}" + dib_elements: "ironic-python-agent-ramdisk {{ ipa_extra_dib_elements | default('') }}" + when: create_ipa_image | bool + - role: bifrost-create-dib-image + dib_imagename: "{{ deploy_image }}" + dib_imagetype: "qcow2" + dib_elements: > + {{ dib_image_type|default('vm') }} + enable-serial-console + {{ dib_init_element|default('simple-init') }} + {{ extra_dib_elements|default('') }} + when: + - create_image_via_dib | bool + - not transform_boot_image | bool environment: http_proxy: "{{ lookup('env','http_proxy') }}" https_proxy: "{{ lookup('env','https_proxy') }}" diff --git a/playbooks/roles/bifrost-create-dib-image/tasks/main.yml b/playbooks/roles/bifrost-create-dib-image/tasks/main.yml index 8699d4d15..8465bbd78 100644 --- a/playbooks/roles/bifrost-create-dib-image/tasks/main.yml +++ b/playbooks/roles/bifrost-create-dib-image/tasks/main.yml 
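Review bot: The folded scalar for `dib_elements` in the second role entry uses `>`, which keeps a trailing newline in the value, whereas the original one-line string had none; `dib_elements: >-` would strip it. The same applies to `dib_arglist: >` in the "Build argument list" hunk of bifrost-create-dib-image/tasks/main.yml, where `dib_elements` is interpolated as the last item before the string is passed to `command:`. The extra newline is probably harmless there, but the `ironic_inspector_public_url` change in this same commit already uses `>-`, so the folded values should agree on it.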
@@ -135,6 +135,12 @@ - name: "Set the ELEMENTS_PATH environment variable" set_fact: dib_env_vars_final: "{{dib_env_vars_final | combine({'ELEMENTS_PATH': ipa_builder_git_folder + '/dib'}) }}" +- name: "Set the DIB_BLOCK_DEVICE_CONFIG variable if set" + set_fact: + dib_env_vars_final: "{{ dib_env_vars_final | combine({'DIB_BLOCK_DEVICE_CONFIG': dib_partitioning}) }}" + when: + - dib_partitioning is defined + - dib_partitioning|length > 0 - name: "Set partitioning information if set" slurp: src: "{{ partitioning_file }}" 
@@ -146,7 +152,28 @@ when: partition_info is defined and 'content' in partition_info - name: "Build argument list" set_fact: - dib_arglist: "{{dib_trace_arg|default('')}} {{dib_uncompressed_arg|default('')}} {{dib_clearenv_arg|default('')}} {{dib_notmpfs_arg|default('')}} {{dib_offline_arg|default('')}} {{dib_skipbase_arg|default('')}} {{dib_arch_arg|default('')}} {{dib_imagename_arg|default('')}} {{dib_imagetype_arg|default('')}} {{dib_imagesize_arg|default('')}} {{dib_imagecache_arg|default('')}} {{dib_maxresize_arg|default('')}} {{dib_mintmpfs_arg|default('')}} {{dib_mkfsopts_arg|default('')}} {{dib_qemuopts_arg|default('')}} {{dib_rootlabel_arg|default('')}} {{dib_rdelement_arg|default('')}} {{dib_installtype_arg|default('')}} {{dib_packages_arg|default('')}} {{dib_os_element}} {{dib_elements|default('')}}" + dib_arglist: > + {{dib_trace_arg|default('')}} + {{dib_uncompressed_arg|default('')}} + {{dib_clearenv_arg|default('')}} + {{dib_notmpfs_arg|default('')}} + {{dib_offline_arg|default('')}} + {{dib_skipbase_arg|default('')}} + {{dib_arch_arg|default('')}} + {{dib_imagename_arg|default('')}} + {{dib_imagetype_arg|default('')}} + {{dib_imagesize_arg|default('')}} + {{dib_imagecache_arg|default('')}} + {{dib_maxresize_arg|default('')}} + {{dib_mintmpfs_arg|default('')}} + {{dib_mkfsopts_arg|default('')}} + {{dib_qemuopts_arg|default('')}} + {{dib_rootlabel_arg|default('')}} + {{dib_rdelement_arg|default('')}} + {{dib_installtype_arg|default('')}} + {{dib_packages_arg|default('')}} + {{dib_os_element}} + {{dib_elements|default('')}} - name: Install debootstrap if building a Debian image package: name: debootstrap 
@@ -158,12 +185,20 @@ and ("debian" in dib_os_element or "ubuntu" in dib_os_element) - name: "Initiate image build" command: disk-image-create {{dib_arglist}} - environment: "{{ dib_env_vars_final | combine(bifrost_venv_env if enable_venv|bool else {}) | combine({'DIB_BLOCK_DEVICE_CONFIG': dib_partitioning} if dib_partitioning is defined and dib_partitioning|length > 0 else {}) }}" - when: build_ramdisk | bool == false and test_image_present.stat.exists == false and test_image_dib_present.stat.exists == false and test_image_initramfs_present.stat.exists == false + environment: "{{ dib_env_vars_final | combine(bifrost_venv_env if enable_venv|bool else {}) }}" + when: + - not build_ramdisk | bool + - not test_image_present.stat.exists + - not test_image_dib_present.stat.exists + - not test_image_initramfs_present.stat.exists - name: "Initiate ramdisk build" command: ramdisk-image-create {{dib_arglist}} environment: "{{ dib_env_vars_final | combine(bifrost_venv_env if enable_venv|bool else {}) }}" - when: build_ramdisk | bool == true and test_image_present.stat.exists == false and test_image_dib_present.stat.exists == false and test_image_initramfs_present.stat.exists == false + when: + - build_ramdisk | bool + - not test_image_present.stat.exists + - not test_image_dib_present.stat.exists + - not test_image_initramfs_present.stat.exists - name: "Update permission of generated image" file: path: "{{ http_boot_folder }}" diff --git a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml index 89b7ed92d..d05c57d04 100644 --- a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml +++ b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml 
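Review bot: `DIB_BLOCK_DEVICE_CONFIG` now reaches the ramdisk build as well, which the old code did not do. It used to be combined only into the `environment` of "Initiate image build"; it is now folded into `dib_env_vars_final` by the set_fact added in the `@@ -135,6 +135,12 @@` hunk, and "Initiate ramdisk build" passes that same fact as its environment. If this is intended, a comment on the set_fact such as `# applies to both disk-image-create and ramdisk-image-create` would record it. If it is not, the set_fact needs `- not build_ramdisk | bool` added to its `when` list.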
@@ -76,9 +76,20 @@ when: lookup('env', 'mysql_pass') | length > 0 no_log: true -- name: Setting MySQL socket fact +- name: "Set MySQL socket fact for Red Hat family" set_fact: - mysql_socket_path: "/var/{% if ansible_os_family | lower == 'redhat' %}lib{% else %}run{% endif %}/{% if ansible_os_family | lower == 'debian' %}mysqld/mysqld.sock{% else %}mysql/mysql.sock{% endif %}" + mysql_socket_path: "/var/lib/mysql/mysql.sock" + when: ansible_os_family | lower == 'redhat' + +- name: "Set MySQL socket fact for Debian family" + set_fact: + mysql_socket_path: "/var/run/mysqld/mysqld.sock" + when: ansible_os_family | lower == 'debian' + +- name: "Set MySQL socket fact for other systems" + set_fact: + mysql_socket_path: "/var/run/mysql/mysql.sock" + when: (ansible_os_family | lower) not in ['redhat', 'debian'] - name: "MySQL - Creating DB" mysql_db: 
@@ -266,19 +277,32 @@ dhcp_netaddr: "{{ dhcp_netaddr | ipaddr('network') }}/{{ dhcp_static_mask }}" when: include_dhcp_server | bool == true - name: "Validate interface network addresses" - fail: msg="Interface {{ ans_network_interface }} network incoherence {{ itf_netaddr1 | ipaddr('network') }}/{{ itf_netaddr1 | ipaddr('prefix') }} vs {{ itf_netaddr2 }}/{{ itf_netaddr2 | ipaddr('prefix') }}" + fail: + msg: > + Interface {{ ans_network_interface }} network incoherence + {{ itf_netaddr1 | ipaddr('network') }}/{{ itf_netaddr1 | ipaddr('prefix') }} + vs {{ itf_netaddr2 }}/{{ itf_netaddr2 | ipaddr('prefix') }} when: - - include_dhcp_server | bool == true + - include_dhcp_server | bool - itf_netaddr1 | ipaddr('network') != itf_netaddr2 | ipaddr('network') - name: "Validate interface broadcast addresses" - fail: msg="Interface {{ ans_network_interface }} broadcast incoherence {{ itf_netaddr1 | ipaddr('broadcast') }}/{{ itf_netaddr1 | ipaddr('prefix') }} vs {{ itf_broadcast | ipaddr('broadcast') }}/{{ itf_broadcast | ipaddr('prefix') }}" + fail: + msg: > + Interface {{ ans_network_interface }} broadcast incoherence + {{ itf_netaddr1 | ipaddr('broadcast') }}/{{ itf_netaddr1 | ipaddr('prefix') }} + vs {{ itf_broadcast | ipaddr('broadcast') }}/{{ itf_broadcast | ipaddr('prefix') }} when: - - include_dhcp_server | bool == true + - include_dhcp_server | bool - itf_netaddr1 | ipaddr('broadcast') != itf_broadcast | ipaddr('broadcast') - name: "Validate DHCP and interface addresses" - debug: msg="Interface {{ ans_network_interface }} and DHCP networks are incoherent {{ itf_netaddr2 | ipaddr('network') }}/{{ itf_netaddr2 | ipaddr('prefix') }} {{ dhcp_netaddr | ipaddr('network') }}/{{ dhcp_netaddr | ipaddr('prefix') }} overriding DHCP with interface settings" + debug: + msg: > + Interface {{ ans_network_interface }} and DHCP networks are incoherent + {{ itf_netaddr2 | ipaddr('network') }}/{{ itf_netaddr2 | ipaddr('prefix') }} + {{ dhcp_netaddr | ipaddr('network') }}/{{ 
dhcp_netaddr | ipaddr('prefix') }} + overriding DHCP with interface settings" when: - - include_dhcp_server | bool == true + - include_dhcp_server | bool - itf_netaddr2 | ipaddr('network') != dhcp_netaddr | ipaddr('network') - name: "Computing new DHCP informations" set_fact: diff --git a/playbooks/roles/bifrost-ironic-install/tasks/download_ipa_image.yml b/playbooks/roles/bifrost-ironic-install/tasks/download_ipa_image.yml index a91de495d..2181639f2 100644 --- a/playbooks/roles/bifrost-ironic-install/tasks/download_ipa_image.yml +++ b/playbooks/roles/bifrost-ironic-install/tasks/download_ipa_image.yml 
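Review bot: The new folded `msg` of "Validate DHCP and interface addresses" ends with a stray double quote, `overriding DHCP with interface settings"`, left over from the old `msg="..."` form. Inside a `>` block scalar that quote is literal text and will be printed with the message, so the last line should read `overriding DHCP with interface settings`. The two `fail` messages above it were converted without the trailing quote, so only this task is affected.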
@@ -21,14 +21,27 @@ - block: - name: "Download IPA kernel checksum file" - get_url: url="{{ ipa_kernel_upstream_checksum_url }}" dest="{{ ipa_kernel }}.{{ ipa_kernel_upstream_checksum_algo }}" timeout=300 + get_url: + url: "{{ ipa_kernel_upstream_checksum_url }}" + dest: "{{ ipa_kernel }}.{{ ipa_kernel_upstream_checksum_algo }}" + timeout: 300 register: ipa_kernel_checksum_result ignore_errors: yes - - debug: msg="WARNING!!! {{ ipa_kernel_upstream_checksum_algo }} file not found at {{ ipa_kernel_upstream_checksum_url }}" - when: ipa_kernel_checksum_result is defined and ipa_kernel_checksum_result.status_code is defined and ipa_kernel_checksum_result.status_code == 404 - - fail: msg="FATAL {{ ipa_kernel_upstream_checksum_algo }} file not found at {{ ipa_kernel_upstream_checksum_url }} GOT {{ ipa_kernel_checksum_result }}" - when: ipa_kernel_checksum_result is not defined or ipa_kernel_checksum_result.changed is not defined or - (ipa_kernel_checksum_result.changed and ipa_kernel_checksum_result.status_code is defined and ipa_kernel_checksum_result.status_code != 404 and ipa_kernel_checksum_result.status_code != 200) + - debug: + msg: "WARNING!!! 
{{ ipa_kernel_upstream_checksum_algo }} file not found at {{ ipa_kernel_upstream_checksum_url }}" + when: + - ipa_kernel_checksum_result is defined + - ipa_kernel_checksum_result.status_code is defined + - ipa_kernel_checksum_result.status_code == 404 + - fail: + msg: "FATAL {{ ipa_kernel_upstream_checksum_algo }} file not found at {{ ipa_kernel_upstream_checksum_url }} GOT {{ ipa_kernel_checksum_result }}" + when: > + ipa_kernel_checksum_result is not defined + or ipa_kernel_checksum_result.changed is not defined + or (ipa_kernel_checksum_result.changed + and ipa_kernel_checksum_result.status_code is defined + and ipa_kernel_checksum_result.status_code != 404 + and ipa_kernel_checksum_result.status_code != 200) - name: "Extract IPA kernel checksum" shell: awk '/{{ ipa_kernel_upstream_url | basename }}/{print $1}' "{{ ipa_kernel }}.{{ ipa_kernel_upstream_checksum_algo }}" register: parsed_ipa_kernel_checksum 
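Review bot: A 404 on the checksum file is still only a warning after this rewrite: the `when` on the `fail` task keeps excluding status 404 and `get_url` keeps `ignore_errors: yes`, so the play continues to "Extract IPA kernel checksum" with, presumably, no freshly downloaded checksum file. Whether the kernel download that follows then fails closed is outside the hunk and should be confirmed. I would add a comment above the `debug` task, `# 404 is tolerated here; the later image download must not proceed unverified`, or make the tolerance an explicit opt-in. The ramdisk hunk below (`ipa_ramdisk_checksum_result`) has the same shape.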
@@ -62,14 +75,27 @@ - block: - name: "Download IPA image checksum" - get_url: url="{{ ipa_ramdisk_upstream_checksum_url }}" dest="{{ ipa_ramdisk }}.{{ ipa_ramdisk_upstream_checksum_algo }}" timeout=300 + get_url: + url: "{{ ipa_ramdisk_upstream_checksum_url }}" + dest: "{{ ipa_ramdisk }}.{{ ipa_ramdisk_upstream_checksum_algo }}" + timeout: 300 register: ipa_ramdisk_checksum_result ignore_errors: yes - - debug: msg="WARNING!!! {{ ipa_ramdisk_upstream_checksum_algo }} file not found at {{ ipa_ramdisk_upstream_checksum_url }}" - when: ipa_ramdisk_checksum_result is defined and ipa_ramdisk_checksum_result.status_code is defined and ipa_ramdisk_checksum_result.status_code == 404 - - fail: msg="FATAL {{ ipa_ramdisk_upstream_checksum_algo }} file not found at {{ ipa_ramdisk_upstream_checksum_url }}" - when: ipa_ramdisk_checksum_result is not defined or ipa_ramdisk_checksum_result.changed is not defined or - (ipa_ramdisk_checksum_result.changed and ipa_ramdisk_checksum_result.status_code is defined and ipa_ramdisk_checksum_result.status_code != 404 and ipa_ramdisk_checksum_result.status_code != 200) + - debug: + msg: "WARNING!!! 
{{ ipa_ramdisk_upstream_checksum_algo }} file not found at {{ ipa_ramdisk_upstream_checksum_url }}" + when: + - ipa_ramdisk_checksum_result is defined + - ipa_ramdisk_checksum_result.status_code is defined + - ipa_ramdisk_checksum_result.status_code == 404 + - fail: + msg: "FATAL {{ ipa_ramdisk_upstream_checksum_algo }} file not found at {{ ipa_ramdisk_upstream_checksum_url }}" + when: > + ipa_ramdisk_checksum_result is not defined + or ipa_ramdisk_checksum_result.changed is not defined + or (ipa_ramdisk_checksum_result.changed + and ipa_ramdisk_checksum_result.status_code is defined + and ipa_ramdisk_checksum_result.status_code != 404 + and ipa_ramdisk_checksum_result.status_code != 200) - name: "Extract IPA ramdisk checksum" shell: awk '/{{ ipa_ramdisk_upstream_url | basename }}/{print $1}' "{{ ipa_ramdisk }}.{{ ipa_ramdisk_upstream_checksum_algo }}" register: parsed_ipa_ramdisk_checksum diff --git a/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml b/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml index 0a3fa5a62..101e79243 100644 --- a/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml +++ b/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml 
@@ -13,9 +13,20 @@ # See the License for the specific language governing permissions and # limitations under the License. --- -- name: Setting MySQL socket fact +- name: "Set MySQL socket fact for Red Hat family" set_fact: - mysql_socket_path: "/var/{% if ansible_os_family | lower == 'redhat' %}lib{% else %}run{% endif %}/{% if ansible_os_family | lower == 'debian' %}mysqld/mysqld.sock{% else %}mysql/mysql.sock{% endif %}" + mysql_socket_path: "/var/lib/mysql/mysql.sock" + when: ansible_os_family | lower == 'redhat' + +- name: "Set MySQL socket fact for Debian family" + set_fact: + mysql_socket_path: "/var/run/mysqld/mysqld.sock" + when: ansible_os_family | lower == 'debian' + +- name: "Set MySQL socket fact for other systems" + set_fact: + mysql_socket_path: "/var/run/mysql/mysql.sock" + when: ansible_os_family | lower not in ['redhat', 'debian'] - name: "MySQL - Create database" mysql_db: @@ -117,8 +128,12 @@ dest: "{{ init_dest_dir }}{{item.service_name}}.service" owner: root group: root + # FIXME(dtantsur): this is an awkward way to use loop... loop: - - { service_path: "{{ ironic_install_prefix.stdout | default('') }}", service_name: 'ironic-inspector', username: 'ironic', args: '--config-file /etc/ironic-inspector/inspector.conf'} + - service_path: "{{ ironic_install_prefix.stdout | default('') }}" + service_name: 'ironic-inspector' + username: 'ironic' + args: '--config-file /etc/ironic-inspector/inspector.conf' - name: "Inspector - Explicitly permit TCP/5050 for ironic-inspector callback" iptables: chain: INPUT diff --git a/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml b/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml index 129d64c7d..fe3fc5303 100644 --- a/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml +++ b/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml 
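Review bot: The "other systems" condition in this file is written `ansible_os_family | lower not in ['redhat', 'debian']`, without the parentheses that the same task carries in bifrost-ironic-install/tasks/bootstrap.yml and bifrost-keystone-install/tasks/bootstrap.yml. Jinja2 applies the filter before the `not in` test, so the result should be the same, but the three copies should read alike: `when: (ansible_os_family | lower) not in ['redhat', 'debian']`. The three set_fact tasks are repeated verbatim in all three files, so any later change to a socket path has to be made three times.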
@@ -51,8 +51,8 @@ - name: "Set sudoers for rootwrap" lineinfile: dest: /etc/sudoers - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" + regexp: "^ironic(.*)/{{ item }}-rootwrap /etc/{{ item }}/rootwrap.conf(.*)" + line: "ironic ALL = (root) NOPASSWD: {{ ironic_rootwrap_dir }}/{{ item }}-rootwrap /etc/{{ item }}/rootwrap.conf *" loop: - - { regexp: '^ironic(.*)/ironic-rootwrap /etc/ironic/rootwrap.conf(.*)', line: "ironic ALL = (root) NOPASSWD: {{ ironic_rootwrap_dir }}/ironic-rootwrap /etc/ironic/rootwrap.conf *" } - - { regexp: '^ironic(.*)/ironic-inspector-rootwrap /etc/ironic-inspector/rootwrap.conf(.*)', line: "ironic ALL = (root) NOPASSWD: {{ ironic_rootwrap_dir }}/ironic-inspector-rootwrap /etc/ironic-inspector/rootwrap.conf *" } + - ironic + - ironic-inspector diff --git a/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml b/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml index 754da4c13..807887316 100644 --- a/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml +++ b/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml @@ -142,7 +142,8 @@ - name: "Setting external ironic-inspector public URL" set_fact: - ironic_inspector_public_url: "{{ ironic_inspector.keystone.public_url | default('http://127.0.0.1:5050/') | replace('127.0.0.1', public_ip | default(internal_ip)) }}" + ironic_inspector_public_url: >- + {{ ironic_inspector.keystone.public_url | default('http://127.0.0.1:5050/') | replace('127.0.0.1', public_ip | default(internal_ip)) }} when: use_public_urls | default(false) | bool # NOTE(TheJulia): This seems like something that should be diff --git a/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml b/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml index 7b40ea89b..d3e4f5225 100644 --- a/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml +++ b/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml 
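Review bot: The "Set sudoers for rootwrap" task edits `/etc/sudoers` in place with `lineinfile` and no `validate` step, so a malformed rendered line (for example from an empty or unexpected `ironic_rootwrap_dir`) would be written as-is and could leave sudo unusable on the host. Adding `validate: '/usr/sbin/visudo -cf %s'` to the task makes Ansible check the candidate file before it replaces the original. Now that `{{ item }}` is interpolated into `regexp`, a short comment that the loop items must stay plain service names without regex metacharacters would also help.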
@@ -46,9 +46,20 @@ when: lookup('env', 'mysql_pass') | length > 0 no_log: true -- name: Setting MySQL socket fact +- name: "Set MySQL socket fact for Red Hat family" set_fact: - mysql_socket_path: "/var/{% if ansible_os_family | lower == 'redhat' %}lib{% else %}run{% endif %}/{% if ansible_os_family | lower == 'debian' %}mysqld/mysqld.sock{% else %}mysql/mysql.sock{% endif %}" + mysql_socket_path: "/var/lib/mysql/mysql.sock" + when: ansible_os_family | lower == 'redhat' + +- name: "Set MySQL socket fact for Debian family" + set_fact: + mysql_socket_path: "/var/run/mysqld/mysqld.sock" + when: ansible_os_family | lower == 'debian' + +- name: "Set MySQL socket fact for other systems" + set_fact: + mysql_socket_path: "/var/run/mysql/mysql.sock" + when: (ansible_os_family | lower) not in ['redhat', 'debian'] - name: "MySQL - Creating DB" mysql_db: diff --git a/playbooks/test-bifrost.yaml b/playbooks/test-bifrost.yaml index 2e4b0b109..2f8066026 100644 --- a/playbooks/test-bifrost.yaml +++ b/playbooks/test-bifrost.yaml 
@@ -51,9 +51,22 @@ # NOTE(TheJulia): While the next step creates a ramdisk, some elements # do not support ramdisk-image-create as they invoke steps to cleanup # the ramdisk which causes ramdisk-image-create to believe it failed. - - { role: bifrost-create-dib-image, dib_imagename: "{{ http_boot_folder }}/ipa", build_ramdisk: false, dib_os_element: "{{ ipa_dib_os_element|default('debian') }}", dib_os_release: "buster", dib_elements: "ironic-python-agent-ramdisk {{ ipa_extra_dib_elements | default('') }}", dib_packages: "bsdmainutils", when: create_ipa_image | bool } + - role: bifrost-create-dib-image + dib_imagename: "{{ http_boot_folder }}/ipa" + build_ramdisk: false + dib_os_element: "{{ ipa_dib_os_element|default('debian') }}" + dib_os_release: "buster" + dib_elements: "ironic-python-agent-ramdisk {{ ipa_extra_dib_elements | default('') }}" + dib_packages: "bsdmainutils" + when: create_ipa_image | bool # NOTE(TheJulia): This creates the guest image. - - { role: bifrost-create-dib-image, dib_imagetype: "qcow2", dib_imagename: "{{deploy_image}}", dib_os_element: "debian", dib_os_release: "buster", dib_elements: "vm enable-serial-console simple-init {{ extra_dib_elements|default('') }}", when: create_image_via_dib | bool and not transform_boot_image | bool } + - role: bifrost-create-dib-image + dib_imagetype: "qcow2" + dib_imagename: "{{deploy_image}}" + dib_os_element: "debian" + dib_os_release: "buster" + dib_elements: "vm enable-serial-console simple-init {{ extra_dib_elements|default('') }}" + when: create_image_via_dib | bool and not transform_boot_image | bool - role: bifrost-keystone-client-config user: "{{ ansible_env.SUDO_USER | default(ansible_user_id) }}" clouds: