openstack/openstack-ansible
Code Issues Proposed changes
openstack-ansible/inventory/group_vars/all/all.yml
Jesse Pretorius 0635dfbccc Ensure that global-requirement-pins.txt is applied 
In the previous repo build process, we had global constraints which
override upper constraints and anything set in the roles. This was
essential for two purposes:

1. To enable us to pin things that were not in upper constraints. eg: pip,
   setuptools, wheel
2. To enable us to pin things which were in upper constraints, but broken.
   This would usually be a temporary measure until upper constraints was
   fixed.

This patch extracts the global pins from global-requirement-pins.txt
into a list and sets 'venv_build_global_constraints' to the resulting
list so that it is applied to all venvs built.

In order to reliably find this file without using a hard-coded path, we
implement a change to the wrapper script to set the path in it in a
similar manner to that implemented for the inventory path.

Depends-On: I9ae3ef19c863b9237a51d2fcd6f4ebce1a9ebad7
Change-Id: I138fe1c8ea80fe71244ab0dc6497cfc6d7bdf953
2019-04-17 15:15:22 +01:00

137 lines
4.9 KiB
YAML
Raw Blame History

---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## OpenStack Source Code Release
openstack_release: "{{ lookup('env', 'OSA_VERSION') | default('undefined', true) }}"
## OpenStack Configuration directory
openstack_config_dir: "{{ lookup('env', 'OSA_CONFIG_DIR') | default('/etc/openstack_deploy') }}"
## Verbosity Options
debug: False
## SSH connection wait time
ssh_delay: 5
# Set the package install state for distribution packages
# Options are 'present' and 'latest'.
# NOTE(mhayden): Allowing CentOS 7 and openSUSE to use package_state=present should give
# gate jobs a better chance to finish and expose more issues to fix.
package_state: "{{ (ansible_pkg_mgr in ['dnf', 'yum', 'zypper']) | ternary('present', 'latest') }}"
# Set "/var/log" to be a bind mount to the physical host.
default_bind_mount_logs: true
# Set distro variable
# NOTE(hwoarang): ansible_distribution may return a string with spaces
# such as "openSUSE Leap" so we need to replace the space with underscore
# in order to create a more sensible repo name for the distro.
os_distro_version: "{{ (ansible_distribution | lower) | replace(' ', '_') }}-{{ ansible_distribution_version.split('.')[:2] | join('.') }}-{{ ansible_architecture | lower }}"
# Set the systemd prefix based on the base OS.
systemd_utils_distro_prefix:
apt: "/lib/systemd"
yum: "/lib/systemd"
dnf: "/lib/systemd"
zypper: "/usr/lib/systemd"
systemd_utils_prefix: "{{ systemd_utils_distro_prefix[ansible_pkg_mgr] }}"
# Ensure that the package state matches the global setting
rsyslog_client_package_state: "{{ package_state }}"
# At this time there's no suitable package available for systemd-journal-remote/gateway
# When installing on SUSE 42.x. For now this playbook will omit suse when the package
# manager is "zypper". When a suitable package is available on SUSE this should be removed.
rsyslog_client_enabled: "{{ ansible_pkg_mgr == 'zypper' }}"
rsyslog_server_enabled: "{{ ansible_pkg_mgr == 'zypper' }}"
# URL for the frozen internal openstack repo.
repo_server_port: 8181
## Default installation method for OpenStack services
install_method: "source"
## DNS resolution (resolvconf) options
#Group containing resolvers to configure
resolvconf_resolver_group: unbound
## Enable external SSL handling for general OpenStack services
openstack_external_ssl: true
## OpenStack global Endpoint Protos
openstack_service_publicuri_proto: https
openstack_service_adminuri_proto: http
openstack_service_internaluri_proto: http
## Region Name
service_region: RegionOne
## OpenStack Domain
openstack_domain: openstack.local
lxc_container_domain: "{{ container_domain }}"
container_domain: "{{ openstack_domain }}"
## DHCP Domain Name
dhcp_domain: openstacklocal
## LDAP enabled toggle
service_ldap_backend_enabled: "{{ keystone_ldap is defined and keystone_ldap.Default is defined }}"
## Base venv configuration
venv_tag: "{{ openstack_release }}"
## Gnocchi
# Used in both Gnocchi and Swift roles.
gnocchi_service_project_name: "{{ (gnocchi_storage_driver is defined and gnocchi_storage_driver == 'swift') | ternary('gnocchi_swift', 'service') }}"
## OpenStack Openrc
openrc_os_auth_url: "{{ keystone_service_internalurl }}"
openrc_os_password: "{{ keystone_auth_admin_password }}"
openrc_os_domain_name: "Default"
openrc_region_name: "{{ service_region }}"
## Host security hardening
# The ansible-hardening role provides security hardening for hosts
# by applying security configurations from the STIG. Hardening is enabled by
# default, but an option to opt out is available by setting the following
# variable to 'false'.
# Docs: https://docs.openstack.org/ansible-hardening/latest/
apply_security_hardening: true
## Ansible ssh configuration
ansible_ssh_extra_args: >
-o UserKnownHostsFile=/dev/null
-o StrictHostKeyChecking=no
-o ServerAliveInterval=64
-o ServerAliveCountMax=1024
-o Compression=no
-o TCPKeepAlive=yes
-o VerifyHostKeyDNS=no
-o ForwardX11=no
-o ForwardAgent=yes
-T
# Toggle whether the service is deployed in a container or not
is_metal: >-
{{ (properties is defined) and
(properties.is_metal is defined) and
(properties.is_metal | bool) }}
_global_pins_file_path: >-
{{ (lookup('env', 'OSA_CLONE_ROOT') | default('/opt/openstack-ansible', true)) ~ '/global-requirement-pins.txt' }}
venv_build_global_constraints: >-
{{ lookup('file', _global_pins_file_path).splitlines() | reject('match','^#.*$') | reject('equalto', '') | list }}
View Git Blame Copy Permalink