Merge branch 'master' into net-connectivity

ansible/group_vars/all/yum

@@ -0,0 +1,3 @@
+---
+
+yum_use_local_mirror: false

ansible/roles/kolla-openstack/tasks/config.yml

@@ -78,7 +78,9 @@
     - "{{ find_src_result.results }}"
     - files
     - skip_missing: True
-  when: item.0.item.enabled | bool
+  when:
+    - item.0.item.enabled | bool
+    - item.1.path | basename not in item.0.item.ignore | default([])
 
 - name: Ensure unnecessary extra configuration files are absent
   file:

ansible/roles/kolla-openstack/vars/main.yml

@@ -5,8 +5,9 @@
 # dest: Path to directory in which generated files will be created.
 # patterns: One or more file name patterns to match.
 # enabled: Whether these files should be templated.
-# ignore: Optional list of files to leave in the destination, even if disabled
-#         or unexpected.
+# ignore: Optional list of files to ignore. These files will not be copied to
+#         the destination, and will not be removed from the destination, even
+#         if disabled or unexpected.
 kolla_openstack_custom_config:
   # Ceph.
   - src: "{{ kolla_extra_config_path }}/ceph"

ansible/roles/node-exporter/defaults/main.yml

@@ -10,7 +10,7 @@ nodeexporter_services:
     container_name: nodeexporter
     enabled: "{{ nodeexporter_enabled }}"
     image: "{{ nodeexporter_image_full }}"
-    command: /bin/node_exporter --collector.procfs=/host/proc --collector.sysfs=/host/sys --collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc)($|/)"
+    command: --collector.procfs=/host/proc --collector.sysfs=/host/sys --collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc)($|/)"
     privileged: True
     read_only: True
     volumes:

ansible/roles/yum-cron/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+
+yum_cron_enabled: false
+yum_cron_update_cmd: 'security'

ansible/roles/yum-cron/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Restart yum-cron
+  service:
+    name: yum-cron
+    state: restarted
+  become: True

ansible/roles/yum-cron/tasks/main.yml

@@ -0,0 +1,36 @@
+---
+
+- name: Yum | Install yum-cron (CentOS)
+  yum:
+    name: yum-cron
+    state: present
+  when: yum_cron_enabled
+  become: True
+
+- name: Replace | Enable update applying for yum-cron (CentOS)
+  replace:
+    dest: /etc/yum/yum-cron.conf
+    regexp: "^apply_updates = no"
+    replace: "apply_updates = yes"
+  when: yum_cron_enabled
+  notify:
+    - Restart yum-cron
+  become: True
+
+- name: Replace | Enable update applying for yum-cron (CentOS)
+  replace:
+    dest: /etc/yum/yum-cron.conf
+    regexp: "^update_cmd = .*$"
+    replace: "update_cmd = {{ yum_cron_update_cmd }}"
+  when: yum_cron_enabled
+  notify:
+    - Restart yum-cron
+  become: True
+
+- name: Service | Enable yum-cron (CentOS)
+  service:
+    name: yum-cron
+    state: started
+    enabled: yes
+  when: yum_cron_enabled
+  become: True

ansible/roles/yum/defaults/main.yml

@@ -0,0 +1,12 @@
+---
+
+# Whether or not to use a local Yum mirror.
+yum_use_local_mirror: false
+# Mirror FQDN for Yum repos.
+yum_centos_mirror_host: 'mirror.centos.org'
+# Mirror directory for Yum CentOS repos.
+yum_centos_mirror_directory: 'centos'
+# Mirror FQDN for Yum EPEL repos.
+yum_epel_mirror_host: 'download.fedoraproject.org'
+# Mirror directory for Yum EPEL repos.
+yum_epel_mirror_directory: 'pub/epel'

ansible/roles/yum/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+
+- include: redhat.yml
+  when:
+    - ansible_os_family == "RedHat"
+    - yum_use_local_mirror

ansible/roles/yum/tasks/redhat.yml

@@ -0,0 +1,44 @@
+---
+
+- name: Replace | Disable YUM fastestmirror plugin (CentOS)
+  replace:
+    dest: /etc/yum/pluginconf.d/fastestmirror.conf
+    regexp: "enabled=1"
+    replace: "enabled=0"
+  become: True
+
+- name: Template | Copy CentOS repo templates (CentOS)
+  template:
+    src: CentOS-Base.repo.j2
+    dest: /etc/yum.repos.d/CentOS-Base.repo
+    owner: root
+    group: root
+    mode: 0664
+  become: True
+
+- name: Yum | Update cache (CentOS)
+  yum:
+    name: '*'
+    update_cache: yes
+  become: True
+
+- name: Yum | Install epel-release (CentOS)
+  yum:
+    name: epel-release
+    state: installed
+  become: True
+
+- name: Template | Copy EPEL repo templates (CentOS)
+  template:
+    src: epel.repo.j2
+    dest: /etc/yum.repos.d/epel.repo
+    owner: root
+    group: root
+    mode: 0664
+  become: True
+
+- name: Yum | Update cache (CentOS)
+  yum:
+    name: '*'
+    update_cache: yes
+  become: True

ansible/roles/yum/templates/CentOS-Base.repo.j2

@@ -0,0 +1,43 @@
+# CentOS-Base.repo
+#
+# The mirror system uses the connecting IP address of the client and the
+# update status of each mirror to pick mirrors that are updated to and
+# geographically close to the client.  You should use this for CentOS updates
+# unless you are manually picking other mirrors.
+#
+# If the mirrorlist= does not work for you, as a fall back you can try the 
+# remarked out baseurl= line instead.
+#
+#
+
+[base]
+name=CentOS-$releasever - Base
+#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
+baseurl=http://{{ yum_centos_mirror_host }}/{{ yum_centos_mirror_directory }}/$releasever/os/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#released updates 
+[updates]
+name=CentOS-$releasever - Updates
+#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
+baseurl=http://{{ yum_centos_mirror_host }}/{{ yum_centos_mirror_directory }}/$releasever/updates/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that may be useful
+[extras]
+name=CentOS-$releasever - Extras
+#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
+baseurl=http://{{ yum_centos_mirror_host }}/{{ yum_centos_mirror_directory }}/$releasever/extras/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that extend functionality of existing packages
+[centosplus]
+name=CentOS-$releasever - Plus
+#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
+baseurl=http://{{ yum_centos_mirror_host }}/{{ yum_centos_mirror_directory }}/$releasever/centosplus/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

ansible/roles/yum/templates/epel.repo.j2

@@ -0,0 +1,26 @@
+[epel]
+name=Extra Packages for Enterprise Linux 7 - $basearch
+baseurl=http://{{ yum_epel_mirror_host }}/{{ yum_epel_mirror_directory }}/7/$basearch
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
+failovermethod=priority
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
+
+[epel-debuginfo]
+name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
+baseurl=http://{{ yum_epel_mirror_host }}/{{ yum_epel_mirror_directory }}/7/$basearch/debug
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
+gpgcheck=1
+
+[epel-source]
+name=Extra Packages for Enterprise Linux 7 - $basearch - Source
+baseurl=http://{{ yum_epel_mirror_host }}/{{ yum_epel_mirror_directory }}/7/SRPMS
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
+gpgcheck=1

ansible/yum.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Ensure Yum repos are configured
+  hosts: seed-hypervisor:seed:overcloud
+  roles:
+    - role: yum
+    - role: yum-cron

doc/source/release-notes.rst

@@ -17,6 +17,7 @@ Features
 * Adds support for configuration of custom fluentd filters, and additional
   config file templates for heat, ironic, keystone, magnum, murano, sahara, and
   swift in ``$KAYOBE_CONFIG_PATH/kolla/config/<component>/``.
+* Adds support for specifying a local Yum mirror for package installation.
 * Adds the command ``kayobe network connectivity check`` which can be used to
   verify network connectivity in the cloud hosts.
 

etc/kayobe/yum-cron.yml

@@ -0,0 +1,6 @@
+---
+
+# Whether to enable Yum automatic updates.
+#yum_cron_enabled: false
+# Command to use for Yum automatic updates.
+#yum_cron_update_cmd: 'security'

etc/kayobe/yum.yml

@@ -0,0 +1,12 @@
+---
+
+# Whether or not to use a local Yum mirror.
+#yum_use_local_mirror: false
+# Mirror FQDN for Yum repos.
+#yum_centos_mirror_host: 'mirror.centos.org'
+# Mirror directory for Yum CentOS repos.
+#yum_centos_mirror_directory: 'centos'
+# Mirror FQDN for Yum EPEL repos.
+#yum_epel_mirror_host: 'download.fedoraproject.org'
+# Mirror directory for Yum EPEL repos.
+#yum_epel_mirror_directory: 'pub/epel'

kayobe/cli/commands.py

@@ -264,6 +264,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
     * Allocate IP addresses for all configured networks.
     * Add the host to SSH known hosts.
     * Configure user accounts, group associations, and authorised SSH keys.
+    * Configure Yum repos.
     * Configure the host's network interfaces.
     * Set sysctl parameters.
     * Configure NTP.
@@ -273,8 +274,8 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
     def take_action(self, parsed_args):
         self.app.LOG.debug("Configuring seed hypervisor host OS")
         playbooks = _build_playbook_list(
-            "ip-allocation", "ssh-known-host", "users", "dev-tools", "network",
-            "sysctl", "ntp", "seed-hypervisor-libvirt-host")
+            "ip-allocation", "ssh-known-host", "users", "yum", "dev-tools",
+            "network", "sysctl", "ntp", "seed-hypervisor-libvirt-host")
         self.run_kayobe_playbooks(parsed_args, playbooks,
                                   limit="seed-hypervisor")
 
@@ -320,6 +321,7 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
     * Configure a user account for use by kayobe for SSH access.
     * Optionally, wipe unmounted disk partitions (--wipe-disks).
     * Configure user accounts, group associations, and authorised SSH keys.
+    * Configure Yum repos.
     * Disable SELinux.
     * Configure the host's network interfaces.
     * Set sysctl parameters.
@@ -353,8 +355,8 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
         if parsed_args.wipe_disks:
             playbooks += _build_playbook_list("wipe-disks")
         playbooks += _build_playbook_list(
-            "users", "dev-tools", "disable-selinux", "network", "sysctl",
-            "ip-routing", "snat", "disable-glean", "ntp", "lvm")
+            "users", "yum", "dev-tools", "disable-selinux", "network",
+            "sysctl", "ip-routing", "snat", "disable-glean", "ntp", "lvm")
         self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed")
         playbooks = _build_playbook_list("kolla-ansible")
         self.run_kayobe_playbooks(parsed_args, playbooks, tags="config")
@@ -555,6 +557,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
     * Configure a user account for use by kayobe for SSH access.
     * Optionally, wipe unmounted disk partitions (--wipe-disks).
     * Configure user accounts, group associations, and authorised SSH keys.
+    * Configure Yum repos.
     * Disable SELinux.
     * Configure the host's network interfaces.
     * Set sysctl parameters.
@@ -588,8 +591,8 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
         if parsed_args.wipe_disks:
             playbooks += _build_playbook_list("wipe-disks")
         playbooks += _build_playbook_list(
-            "users", "dev-tools", "disable-selinux", "network", "sysctl",
-            "disable-glean", "ntp", "lvm")
+            "users", "yum", "dev-tools", "disable-selinux", "network",
+            "sysctl", "disable-glean", "ntp", "lvm")
         self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud")
         playbooks = _build_playbook_list("kolla-ansible")
         self.run_kayobe_playbooks(parsed_args, playbooks, tags="config")