From dbdc1c7a18cccc37e6bac8b1b785a2b2eab12c44 Mon Sep 17 00:00:00 2001
From: Kevin Carter <kevin.carter@rackspace.com>
Date: Wed, 25 May 2016 09:53:13 -0500
Subject: [PATCH] Update ansible to version 2.1

This change updates the version of ansible to the stable tag
"v2.1.0.0-1".

The human readable log output for the gate has changed to using
the module provided by wierdo. This change is in support of
Ansible2.1.

Implements: blueprint ansible-2-1-support
Change-Id: Ibec98d2961669ef2dc7c5540d36b7cb4828d6b9c
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
---
 ansible-role-requirements.yml |  1 -
 playbooks/ansible.cfg         | 15 +++++++++++----
 scripts/bootstrap-aio.sh      |  2 +-
 scripts/bootstrap-ansible.sh  |  5 ++++-
 scripts/gate-check-commit.sh  |  7 ++-----
 scripts/run-playbooks.sh      |  4 +++-
 tests/ansible.cfg             | 13 ++++++++-----
 tests/test-inventory.ini      |  1 +
 8 files changed, 30 insertions(+), 18 deletions(-)
 create mode 100644 tests/test-inventory.ini

diff --git a/ansible-role-requirements.yml b/ansible-role-requirements.yml
index ab26ba5053..5a6a8f3b03 100644
--- a/ansible-role-requirements.yml
+++ b/ansible-role-requirements.yml
@@ -95,7 +95,6 @@
   src: https://git.openstack.org/openstack/openstack-ansible-os_tempest
   version: master
 - name: plugins
-  path: /etc/ansible
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-plugins
   version: master
diff --git a/playbooks/ansible.cfg b/playbooks/ansible.cfg
index 846064fd7d..34d8034428 100644
--- a/playbooks/ansible.cfg
+++ b/playbooks/ansible.cfg
@@ -1,9 +1,16 @@
 [defaults]
+# Set the role path
+roles_path = /etc/ansible/roles:roles
+
 # Additional plugins
-lookup_plugins = /etc/ansible/plugins/lookup
-filter_plugins = /etc/ansible/plugins/filter
-action_plugins = /etc/ansible/plugins/action
-library = /etc/ansible/plugins/library
+lookup_plugins = /etc/ansible/roles/plugins/lookup
+filter_plugins = /etc/ansible/roles/plugins/filter
+action_plugins = /etc/ansible/roles/plugins/action
+callback_plugins = /etc/ansible/roles/plugins/callback
+
+callback_whitelist = ''
+
+library = /etc/ansible/roles/plugins/library
 
 # Fact caching
 gathering = smart
diff --git a/scripts/bootstrap-aio.sh b/scripts/bootstrap-aio.sh
index 6d3cc5d788..df778006c4 100755
--- a/scripts/bootstrap-aio.sh
+++ b/scripts/bootstrap-aio.sh
@@ -25,7 +25,7 @@ export BOOTSTRAP_OPTS=${BOOTSTRAP_OPTS:-''}
 
 # Run AIO bootstrap playbook
 pushd tests
-  ansible-playbook -i "localhost ansible-connection=local," \
+  ansible-playbook -i test-inventory.ini \
                    -e "${BOOTSTRAP_OPTS}" \
                    bootstrap-aio.yml
 popd
diff --git a/scripts/bootstrap-ansible.sh b/scripts/bootstrap-ansible.sh
index 790670f6f9..8769d5b13e 100755
--- a/scripts/bootstrap-ansible.sh
+++ b/scripts/bootstrap-ansible.sh
@@ -22,7 +22,7 @@ set -e -u -x
 ## Vars ----------------------------------------------------------------------
 export HTTP_PROXY=${HTTP_PROXY:-""}
 export HTTPS_PROXY=${HTTPS_PROXY:-""}
-export ANSIBLE_GIT_RELEASE=${ANSIBLE_GIT_RELEASE:-"v1.9.4-1"}
+export ANSIBLE_GIT_RELEASE=${ANSIBLE_GIT_RELEASE:-"v2.1.0.0-1"}
 export ANSIBLE_GIT_REPO=${ANSIBLE_GIT_REPO:-"https://github.com/ansible/ansible"}
 export ANSIBLE_ROLE_FILE=${ANSIBLE_ROLE_FILE:-"ansible-role-requirements.yml"}
 export ANSIBLE_WORKING_DIR=${ANSIBLE_WORKING_DIR:-/opt/ansible_${ANSIBLE_GIT_RELEASE}}
@@ -103,6 +103,9 @@ pushd /usr/local/bin
     find /opt/ansible-runtime/bin/ -name 'ansible*' -exec ln -sf {} \;
 popd
 
+# If the Ansible plugins are in the old location remove them.
+[[ -d "/etc/ansible/plugins" ]] && rm -rf "/etc/ansible/plugins"
+
 # Update dependent roles
 if [ -f "${ANSIBLE_ROLE_FILE}" ]; then
   if [[ "${ANSIBLE_ROLE_FETCH_MODE}" == 'galaxy' ]];then
diff --git a/scripts/gate-check-commit.sh b/scripts/gate-check-commit.sh
index ec4ee91571..04248c60c9 100755
--- a/scripts/gate-check-commit.sh
+++ b/scripts/gate-check-commit.sh
@@ -81,7 +81,7 @@ fi
 # Bootstrap an AIO
 pushd $(dirname ${0})/../tests
   sed -i '/\[defaults\]/a nocolor = 1/' ansible.cfg
-  ansible-playbook -i "localhost ansible-connection=local," \
+  ansible-playbook -i test-inventory.ini \
                    -e "${BOOTSTRAP_OPTS}" \
                    ${ANSIBLE_PARAMETERS} \
                    bootstrap-aio.yml
@@ -101,11 +101,8 @@ pushd $(dirname ${0})/../playbooks
   mkdir -p /openstack/log/ansible-logging
   sed -i '/\[defaults\]/a log_path = /openstack/log/ansible-logging/ansible.log' ansible.cfg
 
-  # This plugin makes the output easier to read
-  wget -O /etc/ansible/plugins/callback/human_log.py https://gist.githubusercontent.com/cliffano/9868180/raw/f360f306b3c6d689734a6aa8773a00edf16a0054/human_log.py
-
   # Enable callback plugins
-  sed -i '/\[defaults\]/a callback_plugins = /etc/ansible/plugins/callback' ansible.cfg
+  sed -i 's/^callback_whitelist.*/callback_whitelist = "profile_tasks"/g' ansible.cfg
 popd
 
 # Log some data about the instance and the rest of the system
diff --git a/scripts/run-playbooks.sh b/scripts/run-playbooks.sh
index 6e4f5c91cf..ec1090cf50 100755
--- a/scripts/run-playbooks.sh
+++ b/scripts/run-playbooks.sh
@@ -48,7 +48,9 @@ pushd "playbooks"
     # NOTE(mattt): We have to skip V-38462 as openstack-infra are now building
     #              images with apt config Apt::Get::AllowUnauthenticated set
     #              to true.
-    install_bits --skip-tag V-38462 security-hardening.yml
+    # NOTE(cloudnull): We have to skip V-38496,V-38670 as openstack-infra are now building
+    #                  images with open users resulting in "System accounts are unlocked"
+    install_bits --skip-tag "V-38462,V-38496,V-38670" security-hardening.yml
 
     # Bring the lxc bridge down and back up to ensures the iptables rules are in-place
     # This also will ensure that the lxc dnsmasq rules are active.
diff --git a/tests/ansible.cfg b/tests/ansible.cfg
index 95de5dcf89..90e3509718 100644
--- a/tests/ansible.cfg
+++ b/tests/ansible.cfg
@@ -1,10 +1,13 @@
 [defaults]
+# Set the role path
+roles_path = /etc/ansible/roles:roles
+
 # Additional plugins
-action_plugins = /etc/ansible/plugins/action
-callback_plugins = /etc/ansible/plugins/callback
-filter_plugins = /etc/ansible/plugins/filter
-lookup_plugins = /etc/ansible/plugins/lookup
-library = /etc/ansible/plugins/library
+action_plugins = /etc/ansible/roles/plugins/action
+callback_plugins = /etc/ansible/roles/plugins/callback
+filter_plugins = /etc/ansible/roles/plugins/filter
+lookup_plugins = /etc/ansible/roles/plugins/lookup
+library = /etc/ansible/roles/plugins/library
 
 # Set color options
 nocolor = 0
diff --git a/tests/test-inventory.ini b/tests/test-inventory.ini
new file mode 100644
index 0000000000..05614f63f4
--- /dev/null
+++ b/tests/test-inventory.ini
@@ -0,0 +1 @@
+localhost ansible_connection=local
\ No newline at end of file