5f7000e185
The current ansible bootstrap process tries to pin the versions of pip, setuptools and wheel on the host and also uses inherited python packages from the host. This causes problems when the host has a version of setuptools which cannot be changed (perhaps due to some bug) or when the host has otherwise undesirable python packages. The ansible bootstrap process only needs to be concerned with whether pip is installed and understands how to use constraints. From there we can bootstrap the venv using get-pip and completely avoid package conflicts with the host. Once Ansible is bootstrapped, the pip_install role will ensure that pip, setuptools and wheel are correctly bootstrapped and pinned across all hosts. The pip_install role now uses constraints for the initial get-pip [1], so we can also remove the list of pip pins from group_vars. We remove pip, setuptools and wheel from the requirements.txt to allow the packages on the host to be installed in the bootstrap without forcing a change of pip/setuptools/wheel at the same time (which causes failures in some circumstances). [1] https://review.openstack.org/483905 Change-Id: Ida84fb6bb726e1332f0e29ade51b67a5721f0785
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Single play that prepares the local machine as an All-In-One (AIO) host.
# It runs against localhost as root and applies three roles in order:
# sshd, pip_install, bootstrap-host.
- name: Bootstrap the All-In-One (AIO)
  hosts: localhost
  gather_facts: True
  # The whole play runs as root; every role below therefore acts with full
  # privileges on the host.
  user: root
  roles:
    - role: "sshd"
    - role: "pip_install"
    - role: "bootstrap-host"
  vars:
    # Pin the interpreter Ansible uses on the target to the system python.
    ansible_python_interpreter: "/usr/bin/python"
    # List of conf.d entries for the selected scenario, looked up in
    # confd_overrides below.
    # NOTE(review): a SCENARIO value that is not a key of confd_overrides has
    # no entry here; presumably templating then fails - confirm and consider
    # validating the value up front.
    openstack_confd_entries: "{{ confd_overrides[bootstrap_host_scenario] }}"
    # Scenario name taken from the SCENARIO environment variable of the
    # process running Ansible. default('aio', true) also replaces an empty
    # value, so an unset or empty SCENARIO selects 'aio'.
    bootstrap_host_scenario: "{{ lookup('env','SCENARIO') | default('aio', true) }}"
    # Per-scenario lists of conf.d entry names; the keys are the accepted
    # scenario names.
    confd_overrides:
      aio:
        - name: cinder.yml.aio
        - name: designate.yml.aio
        - name: glance.yml.aio
        - name: heat.yml.aio
        - name: horizon.yml.aio
        - name: keystone.yml.aio
        - name: neutron.yml.aio
        - name: nova.yml.aio
        - name: swift.yml.aio
      ceph:
        - name: ceph.yml.aio
        - name: cinder.yml.aio
        - name: glance.yml.aio
        - name: heat.yml.aio
        - name: horizon.yml.aio
        - name: keystone.yml.aio
        - name: neutron.yml.aio
        - name: nova.yml.aio
      translations:
        - name: cinder.yml.aio
        - name: designate.yml.aio
        - name: glance.yml.aio
        - name: heat.yml.aio
        - name: horizon.yml.aio
        - name: keystone.yml.aio
        - name: neutron.yml.aio
        - name: nova.yml.aio
        - name: swift.yml.aio
        - name: sahara.yml.aio
        - name: magnum.yml.aio
        - name: octavia.yml.aio
        - name: trove.yml.aio
    # Subsystem value for sshd: the sftp-server path used on apt-based
    # hosts, otherwise the libexec path.
    sftp_subsystem: "{{ (ansible_pkg_mgr == 'apt') | ternary('sftp /usr/lib/openssh/sftp-server','sftp /usr/libexec/openssh/sftp-server') }}"
    # Settings for the SSH daemon, keyed by sshd_config option name.
    # Presumably consumed by the "sshd" role and rendered into sshd_config -
    # confirm against the role.
    # NOTE(review): the unquoted yes/no values below are read as booleans by
    # YAML 1.1 loaders; the consuming role has to map them back to the
    # literal yes/no that sshd expects - confirm.
    sshd:
      # Listen on every IPv4 and IPv6 address of the host. Exposure is then
      # limited only by whatever network filtering sits in front of it.
      ListenAddress:
        - 0.0.0.0
        - '::'
      Port: 22
      Protocol: 2
      HostKey:
        - "/etc/ssh/ssh_host_rsa_key"
        - "/etc/ssh/ssh_host_ecdsa_key"
        - "/etc/ssh/ssh_host_ed25519_key"
      UsePrivilegeSeparation: yes
      # KeyRegenerationInterval and ServerKeyBits are SSH protocol 1
      # options. With Protocol 2 set above they have no effect, so the
      # 1024-bit value is not the strength of any key in use.
      KeyRegenerationInterval: 3600
      ServerKeyBits: 1024
      SyslogFacility: "AUTH"
      LogLevel: "INFO"
      LoginGraceTime: 120
      StrictModes: yes
      # RSAAuthentication is likewise a protocol 1 option; public-key login
      # under protocol 2 is governed by PubkeyAuthentication.
      RSAAuthentication: yes
      PubkeyAuthentication: yes
      IgnoreRhosts: yes
      RhostsRSAAuthentication: no
      HostbasedAuthentication: no
      PermitEmptyPasswords: no
      # Direct root login is allowed. Together with PasswordAuthentication
      # and ChallengeResponseAuthentication set to no, root can log in with
      # a key only.
      # NOTE(review): 'prohibit-password' would keep root key-only even if
      # password authentication is enabled later - confirm nothing depends
      # on the current value.
      PermitRootLogin: yes
      ChallengeResponseAuthentication: no
      PasswordAuthentication: no
      X11DisplayOffset: 10
      PrintMotd: no
      PrintLastLog: no
      TCPKeepAlive: yes
      # Clients may pass only locale variables into the session.
      AcceptEnv: "LANG LC_*"
      Subsystem: "{{ sftp_subsystem }}"
      UsePAM: yes
      UseDNS: no
      X11Forwarding: no
      Compression: yes
      CompressionLevel: 6
      # MaxSessions and MaxStartups are far above the OpenSSH defaults
      # (10 and 10:30:100). With start equal to full, no unauthenticated
      # connection is refused until 100 are pending, which removes the
      # early throttling of connection floods.
      # NOTE(review): presumably raised for many parallel Ansible
      # connections - confirm it is still needed.
      MaxSessions: 100
      MaxStartups: "100:100:100"
      GSSAPIAuthentication: no
      GSSAPICleanupCredentials: no