openstack-ansible/tests/bootstrap-aio.yml
Jesse Pretorius 191e0b8660 Eliminate installing pip on host/containers
None of the hosts need pip installed any more. Everything
installed on the host is now a distribution package, and
all pip packages are inside a virtualenv. As such, we make
the final changes to eliminate the installation of pip on
the host.

1. We change the pip_install role settings to only put
   pip.conf down, and not bother installing pip. The
   pip.conf remains necessary to provide any pip installs
   done in venvs with the details of the repo server.
2. We update the utility container playbook so that it
   installs everything into a venv, then symlinks the
   appropriate openstack client binaries to /usr/local/bin
   for convenient access. This is only done for source
   based installs.
3. We update the ceph radosgw keystone setup to make it
   use the appropriate service host, and to make use of
   the correct runtime venv. It also now makes use of
   native ansible modules instead of our own.

Depends-On: https://review.openstack.org/587840
Depends-On: https://review.openstack.org/587849
Depends-On: https://review.openstack.org/589643
Depends-On: https://review.openstack.org/590011
Depends-On: https://review.openstack.org/590178
Change-Id: Iac018386e98d1531b605c66bccf3bcce10226e19
2018-08-09 15:17:55 +01:00

81 lines
2.9 KiB
YAML

---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Bootstrap the All-In-One (AIO)
hosts: localhost
gather_facts: True
user: root
roles:
- role: "sshd"
- role: "bootstrap-host"
vars:
ansible_python_interpreter: "/usr/bin/python"
bootstrap_host_scenario: "{{ lookup('env','SCENARIO') | default('aio_lxc', true) }}"
install_method: "{{ lookup('env', 'INSTALL_METHOD') | default('source', true) }}"
openstack_confd_entries: "{{ confd_overrides[bootstrap_host_scenario] }}"
pip_install_upper_constraints_proto: "{{ ansible_python_version | version_compare('2.7.9', '>=') | ternary('https','http') }}"
pip_install_upper_constraints: >-
{{ (playbook_dir ~ '/../global-requirement-pins.txt') | realpath }}
--constraint {{ pip_install_upper_constraints_proto }}://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?id={{ requirements_git_install_branch | regex_replace(' #.*$','') }}
sftp_subsystem:
'apt': 'sftp /usr/lib/openssh/sftp-server'
'yum': 'sftp /usr/libexec/openssh/sftp-server'
'zypper': 'sftp /usr/lib/ssh/sftp-server'
sshd:
ListenAddress:
- 0.0.0.0
- '::'
Port: 22
Protocol: 2
HostKey:
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_ecdsa_key"
- "/etc/ssh/ssh_host_ed25519_key"
UsePrivilegeSeparation: yes
KeyRegenerationInterval: 3600
ServerKeyBits: 1024
SyslogFacility: "AUTH"
LogLevel: "INFO"
LoginGraceTime: 120
StrictModes: yes
RSAAuthentication: yes
PubkeyAuthentication: yes
IgnoreRhosts: yes
RhostsRSAAuthentication: no
HostbasedAuthentication: no
PermitEmptyPasswords: no
PermitRootLogin: yes
ChallengeResponseAuthentication: no
PasswordAuthentication: no
X11DisplayOffset: 10
PrintMotd: no
PrintLastLog: no
TCPKeepAlive: yes
AcceptEnv: "LANG LC_*"
Subsystem: "{{ sftp_subsystem[ansible_pkg_mgr] }}"
UsePAM: yes
UseDNS: no
X11Forwarding: no
Compression: yes
CompressionLevel: 6
MaxSessions: 100
MaxStartups: "100:100:100"
GSSAPIAuthentication: no
GSSAPICleanupCredentials: no
vars_files:
- "{{ playbook_dir }}/../playbooks/defaults/repo_packages/openstack_services.yml"
- vars/bootstrap-aio-vars.yml
environment: "{{ deployment_environment_variables | default({}) }}"