From 3b24e566f6f7f44eb2d10e8bfb841ede17c983f3 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Fri, 6 Dec 2019 16:27:26 +0000 Subject: [PATCH] CentOS 8: Deploy CentOS 8 containers * HAProxy is now 1.8 in CentOS 8 * Support python3 in baremetal role * Remove support for environments without python2 installed (this could not have worked since we gather facts before this point) Workarounds: * Using CentOS 7 yum repo for Docker, with module_hotfixes Change-Id: I30bd3d58f6224ad4c9575ba66c74deabe6895cc4 Partially-Implements: blueprint centos-rhel-8 --- ansible/group_vars/all.yml | 4 ++-- ansible/roles/baremetal/defaults/main.yml | 23 +++++++++++++++---- ansible/roles/baremetal/tasks/install.yml | 20 ++++++++-------- ansible/roles/baremetal/tasks/pre-install.yml | 22 +++++++++++------- .../roles/haproxy/templates/haproxy_run.sh.j2 | 3 ++- 5 files changed, 45 insertions(+), 27 deletions(-) diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 4e53d496a6..f2c33738f2 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -1105,9 +1105,9 @@ influxdb_address: "{{ kolla_internal_fqdn }}" # Internal Image options ######################### distro_python_version_map: { - "centos": "2.7", + "centos": "{{ '3.6' if ansible_distribution_major_version is version(8, '>=') else '2.7' }}", "debian": "3.7", - "rhel": "2.7", + "rhel": "{{ '3.6' if ansible_distribution_major_version is version(8, '>=') else '2.7' }}", "ubuntu": "3.6" } diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml index 2466ef3d40..50d31c4edd 100644 --- a/ansible/roles/baremetal/defaults/main.yml +++ b/ansible/roles/baremetal/defaults/main.yml @@ -11,7 +11,9 @@ docker_apt_package: "docker-ce" # Docker Yum repository configuration. docker_yum_url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}" -docker_yum_baseurl: "{{ docker_yum_url }}/{{ ansible_distribution_major_version | lower }}/$basearch/stable" +# FIXME(mgoddard): Use {{ ansible_distribution_major_version | lower }} rather +# than 7. +docker_yum_baseurl: "{{ docker_yum_url }}/7/$basearch/stable" docker_yum_gpgkey: "{{ docker_yum_url }}/gpg" docker_yum_gpgcheck: true docker_yum_package: "docker-ce" @@ -36,12 +38,20 @@ docker_custom_config: {} # Ubuntu 18+ does not have easy_install available due to # https://bugs.launchpad.net/ubuntu/+source/python-setuptools/+bug/1774419. +# CentOS/RHEL 8 does not have easy_install. easy_install_available: >- {{ not (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version is version(18, 'ge')) and not (ansible_distribution == 'Debian' and - ansible_distribution_major_version is version(10, 'ge')) }} + ansible_distribution_major_version is version(10, 'ge')) + and + not (ansible_os_family == 'RedHat' and + ansible_distribution_major_version is version(8, 'ge')) }} + +# Version of python used to execute Ansible modules. +host_python_version: "{{ ansible_python.version.major }}.{{ ansible_python.version.minor }}" +host_python_major_version: "{{ ansible_python.version.major }}" # Ubuntu 18+ bundles nfs-ganesha 2.6.0 with Ceph Mimic packages, # which does udp rpcbind test even with NFSv3 disabled - therefore @@ -49,15 +59,18 @@ easy_install_available: >- debian_pkg_install: - "{{ docker_apt_package }}" - git - - "{% if not easy_install_available %}python-pip{% endif %}" - - python-setuptools + - "python{% if host_python_major_version == '3' %}3{% endif %}-setuptools" + - "{% if not easy_install_available %}python{% if host_python_major_version == '3' %}3{% endif %}-pip{% endif %}" + - "{% if virtualenv is not none %}python{% if host_python_major_version == '3' %}3{% endif %}-virtualenv{% endif %}" - "{% if enable_host_ntp | bool %}ntp{% endif %}" - "{% if enable_ceph_nfs|bool %}rpcbind{% endif %}" redhat_pkg_install: - "{{ docker_yum_package }}" - git - - python-setuptools + - "{% if host_python_major_version == '2' %}python-setuptools{% endif %}" + - "{% if not easy_install_available %}python{{ host_python_major_version }}-pip{% endif %}" + - "{% if virtualenv is not none %}python{{ host_python_major_version }}-virtualenv{% endif %}" - "{% if enable_host_ntp | bool %}ntp{% endif %}" - sudo diff --git a/ansible/roles/baremetal/tasks/install.yml b/ansible/roles/baremetal/tasks/install.yml index c8d1f33dec..4dbb03c454 100644 --- a/ansible/roles/baremetal/tasks/install.yml +++ b/ansible/roles/baremetal/tasks/install.yml @@ -55,21 +55,23 @@ register: apt_install_result - name: Install deltarpm packages + vars: + package_name: "{{ 'deltarpm' if ansible_distribution_major_version == '7' else 'drpm' }}" package: - name: deltarpm + name: "{{ package_name }}" state: present update_cache: yes become: True when: ansible_os_family == 'RedHat' -- name: Install yum packages +- name: Install RPM packages package: name: "{{ (redhat_pkg_install | join(' ')).split() }}" state: present update_cache: yes become: True when: ansible_os_family == 'RedHat' - register: yum_install_result + register: rpm_install_result # If any packages were updated, and any containers were running, wait for the # daemon to come up and start all previously running containers. @@ -101,14 +103,7 @@ - running_containers.rc == 0 - running_containers.stdout != '' vars: - install_result: "{{ yum_install_result if ansible_os_family == 'RedHat' else apt_install_result }}" - -- name: Install virtualenv packages - package: - name: python-virtualenv - state: present - become: True - when: virtualenv is not none + install_result: "{{ rpm_install_result if ansible_os_family == 'RedHat' else apt_install_result }}" - name: Install pip easy_install: @@ -124,6 +119,7 @@ name: pip>19.3 virtualenv: "{{ virtualenv }}" virtualenv_site_packages: "{{ virtualenv_site_packages }}" + virtualenv_python: "python{{ host_python_version }}" become: True when: virtualenv is not none @@ -131,8 +127,10 @@ pip: # NOTE(hrw) docker 2.4.2 is in kolla-ansible requirements name: docker>=2.4.2 + executable: "{{ virtualenv is none | ternary('pip' ~ host_python_major_version, omit) }}" virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}" virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}" + virtualenv_python: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version) }}" become: True - name: Remove packages diff --git a/ansible/roles/baremetal/tasks/pre-install.yml b/ansible/roles/baremetal/tasks/pre-install.yml index e53d5452e6..f13d7c8f7a 100644 --- a/ansible/roles/baremetal/tasks/pre-install.yml +++ b/ansible/roles/baremetal/tasks/pre-install.yml @@ -1,12 +1,4 @@ --- -# NOTE: raw install is required to support cloud images which do not have python installed -- name: "Install python2" - become: True - raw: "yum install -y python || (apt-get update && apt-get install -y python2.7)" - -- name: Gather facts - setup: - - name: Ensure localhost in /etc/hosts lineinfile: dest: /etc/hosts @@ -134,6 +126,20 @@ gpgkey: "{{ docker_yum_gpgkey }}" become: True + # NOTE(yoctozepto): above cannot set this but we require it + # to install containerd.io due to runc being a modular package + # in CentOS 8 + # see: https://bugzilla.redhat.com/show_bug.cgi?id=1734081 + - name: Ensure module_hotfixes enabled for docker + lineinfile: + dest: /etc/yum.repos.d/docker.repo + regexp: "^module_hotfixes" + line: "module_hotfixes = True" + state: present + become: True + when: + - ansible_distribution_major_version == '8' + - name: Install docker rpm gpg key rpm_key: state: present diff --git a/ansible/roles/haproxy/templates/haproxy_run.sh.j2 b/ansible/roles/haproxy/templates/haproxy_run.sh.j2 index 6c2e1feef0..c556e6f9f4 100644 --- a/ansible/roles/haproxy/templates/haproxy_run.sh.j2 +++ b/ansible/roles/haproxy/templates/haproxy_run.sh.j2 @@ -1,5 +1,6 @@ #!/bin/bash -x -{% set haproxy_cmd='/usr/sbin/haproxy -W -db' if kolla_base_distro in ['debian', 'ubuntu'] else '/usr/sbin/haproxy-systemd-wrapper' %} +{% set has_haproxy_1_8=kolla_base_distro in ['debian', 'ubuntu'] or (kolla_base_distro == 'centos' and ansible_distribution_major_version is version(8, '>=')) %} +{% set haproxy_cmd='/usr/sbin/haproxy -W -db' if has_haproxy_1_8 else '/usr/sbin/haproxy-systemd-wrapper' %} # We need to run haproxy with one `-f` for each service, because including an # entire config directory was not a feature until version 1.7 of HAProxy.