From e3afdf14b6569d04c02481c4c5aeb11e854b5043 Mon Sep 17 00:00:00 2001 From: Grzegorz Grasza Date: Thu, 18 Aug 2022 11:41:27 +0000 Subject: [PATCH] Use system installed ansible-freeipa instead of collections The RHEL suppplied ansible-freeipa RPM package installs the modules at the default ansible module path and not as a collection. This caused problems for the end user. This also changes the linter job to run on CentOS, since the ansible-freeipa package is not available on Ubuntu. This also reverts commit 2cc09a2b68c5b64b35742de91d4e7c0cd73f188c. Reason for revert: We get this error: error={"msg": "template error while templating string: cannot import name 'environmentfilter' from 'jinja2.filters' (/usr/lib/python3.9/site-packages/ansible/_vendor/jinja2/filters.py)\n line 0. String: {{ 'A' if record_value | ansible.utils.ipv4 else 'AAAA' }}"} Change-Id: I7df25fb945da1d98c68fe4113a09afdc2f2c5687 --- .ansible-lint | 3 ++ ansible-collections-requirements.yml | 1 - bindep.txt | 17 ++++--- scripts/bindep-install | 45 +++++++++++++++++++ .../roles/tripleo_ipa_dns/tasks/dns.yaml | 18 ++++---- .../tripleo_ipa_registration/tasks/main.yml | 2 +- .../tasks/services.yml | 4 +- .../tripleo_ipa_setup/tasks/add_ipa_user.yml | 6 +-- .../roles/tripleo_ipa_setup/tasks/setup.yml | 8 ++-- zuul.d/base.yaml | 5 +++ zuul.d/layout.yaml | 4 +- zuul.d/playbooks/pre.yml | 13 ++++++ 12 files changed, 98 insertions(+), 28 deletions(-) create mode 100755 scripts/bindep-install diff --git a/.ansible-lint b/.ansible-lint index fd30108..5f5f373 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,3 +1,6 @@ +exclude_paths: + - .. + skip_list: - experimental # all rules tagged as experimental - no-changed-when # Commands should not change things if nothing needs doing diff --git a/ansible-collections-requirements.yml b/ansible-collections-requirements.yml index 482175a..47905c8 100644 --- a/ansible-collections-requirements.yml +++ b/ansible-collections-requirements.yml 
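Review bot: The new `exclude_paths` entry `..` in `.ansible-lint` carries no comment saying what it is meant to skip, and a parent-directory pattern is broad enough that the hunk alone does not show whether the role task files in this repository are still linted. If the intent is to keep the linter away from content outside the checkout, I would say so above the entry, e.g. `# skip files outside the repo checkout (system-installed ansible-freeipa content)`. Because the same commit replaces fully qualified module names with short ones, it is worth confirming in the linter job output that the files under tripleo_ipa/roles are still checked.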
@@ -1,7 +1,6 @@ collections: - containers.podman - community.general - - freeipa.ansible_freeipa - ansible.posix - ansible.netcommon - openstack.cloud diff --git a/bindep.txt b/bindep.txt index 8e60cc8..69a507b 100644 --- a/bindep.txt +++ b/bindep.txt @@ -18,20 +18,25 @@ gcc-c++ [platform:rpm] git [platform:rpm] libffi-devel [platform:rpm] openssl-devel [platform:rpm] +podman [platform:rpm] python-devel [platform:rpm !platform:rhel-8 !platform:centos-8] python3-devel [platform:rpm !platform:rhel-7 !platform:centos-7] -PyYAML [platform:rpm !platform:rhel-8 !platform:centos-8] +PyYAML [platform:rpm !platform:rhel-8 !platform:centos-8 !platform:rhel-9 !platform:centos-9 !platform:fedora] python3-pyyaml [platform:rpm !platform:rhel-7 !platform:centos-7] python3-dnf [platform:rpm !platform:rhel-7 !platform:centos-7] -# For SELinux -libselinux-python [platform:rpm !platform:rhel-8 !platform:centos-8] -libsemanage-python [platform:redhat !platform:rhel-8 !platform:centos-8] -libselinux-python3 [platform:rpm !platform:rhel-7 !platform:centos-7] -libsemanage-python3 [platform:redhat !platform:rhel-7 !platform:centos-7] +# SELinux cent7 +libselinux-python3 [platform:rpm !platform:rhel-8 !platform:centos-8] +libsemanage-python3 [platform:redhat !platform:rhel-8 !platform:centos-8] +# SELinux cent8 +python3-libselinux [platform:rpm !platform:rhel-7 !platform:centos-7] +python3-libsemanage [platform:redhat !platform:rhel-7 !platform:centos-7] # Required for compressing collected log files in CI gzip # Required to build language docs gettext + +# Install ansible-freeipa to default ansible path +ansible-freeipa [platform:redhat] diff --git a/scripts/bindep-install b/scripts/bindep-install new file mode 100755 index 0000000..b9f1233 --- /dev/null +++ b/scripts/bindep-install 
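Review bot: The two entries under `# SELinux cent7` exclude only rhel-8/centos-8, so they still match CentOS 9, which the new linter job runs on. The PyYAML line in this same hunk was extended with `!platform:rhel-9 !platform:centos-9 !platform:fedora` for that case. Unless those package names are known to resolve on 9, I would give them the same selectors, e.g. `libselinux-python3 [platform:rpm !platform:rhel-8 !platform:centos-8 !platform:rhel-9 !platform:centos-9 !platform:fedora]`, because scripts/bindep-install passes every reported name to the package manager in one command. The `ansible-freeipa [platform:redhat]` entry is unversioned, so the module code the roles execute is whatever the enabled repositories ship; the comment above it could state that and name the repository it is expected to come from.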
@@ -0,0 +1,45 @@ +#!/usr/bin/env bash +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +## Shell Opts ---------------------------------------------------------------- + +set -o pipefail +set -xeuo + + +## Vars ---------------------------------------------------------------------- + +export BINDEP_FILE="${BINDEP_FILE:-$(dirname $(readlink -f ${BASH_SOURCE[0]}))/../bindep.txt}" + + +## Main ---------------------------------------------------------------------- + +# Source distribution information +source /etc/os-release || source /usr/lib/os-release +RHT_PKG_MGR=$(command -v dnf || command -v yum) + +# NOTE(cloudnull): Get a list of packages to install with bindep. If packages +# need to be installed, bindep exits with an exit code of 1. +BINDEP_PKGS=$(bindep -b -f "${BINDEP_FILE}" test || true) + +if [[ ${#BINDEP_PKGS} > 0 ]]; then + case "${ID,,}" in + amzn|rhel|centos|fedora) + sudo "${RHT_PKG_MGR}" install -y ${BINDEP_PKGS} + ;; + esac +fi diff --git a/tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml b/tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml index 4038779..1339753 100644 --- a/tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml +++ b/tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml 
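Review bot: `BINDEP_PKGS=$(bindep -b -f "${BINDEP_FILE}" test || true)` discards every bindep failure, not only the documented exit code 1 for missing packages, so a missing bindep binary or an unreadable bindep file leaves the list empty and the script exits 0 with nothing installed. The roles would then fail later when the short-named ipa modules cannot be found, far from the cause. The guard `[[ ${#BINDEP_PKGS} > 0 ]]` is also a string comparison inside `[[ ]]`; `[[ -n "${BINDEP_PKGS}" ]]` states the intent. The sketch below keeps exit code 1 as "packages missing" and treats anything higher as an error, which assumes bindep does not use 1 for other failures. Separately, `RHT_PKG_MGR=$(command -v dnf || command -v yum)` aborts under `set -e` on a host with neither tool, before the `case` that is meant to skip such hosts is reached.

```shell
# bindep exits 1 when packages are missing; treat any higher code as a failure.
bindep_rc=0
BINDEP_PKGS=$(bindep -b -f "${BINDEP_FILE}" test) || bindep_rc=$?
if (( bindep_rc > 1 )); then
    echo "bindep failed with exit code ${bindep_rc}" >&2
    exit "${bindep_rc}"
fi

if [[ -n "${BINDEP_PKGS}" ]]; then
    # … unchanged: case on ${ID,,}, package manager install, closing fi …
```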
@@ -40,17 +40,17 @@ block: - name: set record type set_fact: - record_type: "{{ 'A' if record_value | ansible.utils.ipv4 else 'AAAA' }}" + record_type: "{{ 'A' if record_value| ansible.netcommon.ipv4 else 'AAAA' }}" - name: add dns zone - freeipa.ansible_freeipa.ipadnszone: + ipadnszone: name: "{{ zone_name }}" become: true - name: Modify or add forward dns block: - name: try modifying forward dns record - freeipa.ansible_freeipa.ipadnsrecord: + ipadnsrecord: zone_name: "{{ zone_name }}" record_name: "{{ record_name }}" record_type: "{{ record_type }}" @@ -60,7 +60,7 @@ become: true - name: try modifying forward dns record - freeipa.ansible_freeipa.ipadnsrecord: + ipadnsrecord: zone_name: "{{ zone_name }}" record_name: "{{ record_name }}" record_type: "{{ record_type }}" @@ -70,7 +70,7 @@ become: true rescue: - name: add forward dns record - freeipa.ansible_freeipa.ipadnsrecord: + ipadnsrecord: zone_name: "{{ zone_name }}" record_name: "{{ record_name }}" record_type: "{{ record_type }}" @@ -79,7 +79,7 @@ - name: get reverse record data set_fact: - reverse_addr: "{{ record_value | ansible.utils.ipaddr('revdns') }}" + reverse_addr: "{{ record_value | ipaddr('revdns') }}" - name: set reverse record entries for ipv4 set_fact: @@ -94,7 +94,7 @@ when: record_type == 'AAAA' - name: add reverse record dns zone - freeipa.ansible_freeipa.ipadnszone: + ipadnszone: name: "{{ reverse_record_zone }}" register: reverse_zone_result failed_when: reverse_zone_result.failed and 'already exists in DNS' not in reverse_zone_result.msg @@ -103,7 +103,7 @@ - name: Modify or add reverse dns record block: - name: try modifying reverse dns record - freeipa.ansible_freeipa.ipadnsrecord: + ipadnsrecord: zone_name: "{{ reverse_record_zone }}" record_name: "{{ reverse_record_name }}" record_type: "PTR" 
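Review bot: With the collection prefix dropped, `ipadnszone` and `ipadnsrecord` in this hunk resolve through Ansible's module search order instead of to one named collection, so whichever module of that name is found first on the controller is what runs under `become: true`. Nothing in the task file now records that these modules are expected to come from the system ansible-freeipa package. I would add a comment at the top of each affected task file, e.g. `# ipa* modules come from the ansible-freeipa RPM (see bindep.txt), not from a collection`, and consider a pre-flight task that fails early when that package is absent. The same applies to the remaining hunks of this file and to the `ipahost`, `ipaservice`, `iparole`, `ipapermission` and `ipaprivilege` tasks in tripleo_ipa_registration and tripleo_ipa_setup. As a style point, `record_value| ansible.netcommon.ipv4` is missing the space before the pipe.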
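Review bot: The `get reverse record data` task now uses the bare filter name `ipaddr('revdns')` while the `set record type` task earlier in this file uses the qualified `ansible.netcommon.ipv4`, so the two filters in one file are looked up by different rules. Writing `reverse_addr: "{{ record_value | ansible.netcommon.ipaddr('revdns') }}"` would keep both on the collection that is still listed in ansible-collections-requirements.yml. The tasks before and after this one are only partly inside the hunk.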
@@ -112,7 +112,7 @@ become: true rescue: - name: add reverse dns record - freeipa.ansible_freeipa.ipadnsrecord: + ipadnsrecord: zone_name: "{{ reverse_record_zone }}" record_name: "{{ reverse_record_name }}" record_type: "PTR" diff --git a/tripleo_ipa/roles/tripleo_ipa_registration/tasks/main.yml b/tripleo_ipa/roles/tripleo_ipa_registration/tasks/main.yml index e8f0545..12d02ab 100644 --- a/tripleo_ipa/roles/tripleo_ipa_registration/tasks/main.yml +++ b/tripleo_ipa/roles/tripleo_ipa_registration/tasks/main.yml @@ -45,7 +45,7 @@ become: true block: - name: add new host with one-time password - freeipa.ansible_freeipa.ipahost: + ipahost: name: "{{ base_server_fqdn }}" random: true force: true diff --git a/tripleo_ipa/roles/tripleo_ipa_registration/tasks/services.yml b/tripleo_ipa/roles/tripleo_ipa_registration/tasks/services.yml index e8602db..ed36c39 100644 --- a/tripleo_ipa/roles/tripleo_ipa_registration/tasks/services.yml +++ b/tripleo_ipa/roles/tripleo_ipa_registration/tasks/services.yml @@ -31,14 +31,14 @@ service: "{{ item.1 }}" - name: add sub_host - freeipa.ansible_freeipa.ipahost: + ipahost: fqdn: "{{ sub_host }}" force: true state: present become: true - name: add service - freeipa.ansible_freeipa.ipaservice: + ipaservice: name: "{{ service }}/{{ sub_host }}" force: true state: present diff --git a/tripleo_ipa/roles/tripleo_ipa_setup/tasks/add_ipa_user.yml b/tripleo_ipa/roles/tripleo_ipa_setup/tasks/add_ipa_user.yml index 2da89c7..7924028 100644 --- a/tripleo_ipa/roles/tripleo_ipa_setup/tasks/add_ipa_user.yml +++ b/tripleo_ipa/roles/tripleo_ipa_setup/tasks/add_ipa_user.yml 
@@ -24,20 +24,20 @@ nova_service: "nova/{{ undercloud_fqdn }}" - name: add nova service - freeipa.ansible_freeipa.ipaservice: + ipaservice: name: "{{ nova_service }}" state: present force: true - name: add Nova Host Manager role - freeipa.ansible_freeipa.iparole: + iparole: name: Nova Host Manager description: Nova Host Manager privilege: - Nova Host Management - name: add service to the Nova Host Manager role - freeipa.ansible_freeipa.iparole: + iparole: name: Nova Host Manager service: "{{ nova_service }}" action: member diff --git a/tripleo_ipa/roles/tripleo_ipa_setup/tasks/setup.yml b/tripleo_ipa/roles/tripleo_ipa_setup/tasks/setup.yml index a6932af..3f9516e 100644 --- a/tripleo_ipa/roles/tripleo_ipa_setup/tasks/setup.yml +++ b/tripleo_ipa/roles/tripleo_ipa_setup/tasks/setup.yml @@ -50,7 +50,7 @@ - 'Retrieve Certificates from the CA' - name: add nova host management permissions - freeipa.ansible_freeipa.ipapermission: + ipapermission: name: "{{ item.name }}" right: "{{ item.right }}" object_type: "{{ item.type }}" @@ -58,12 +58,12 @@ loop: "{{ novajoin_perms|flatten(levels=1) }}" - name: add Nova Host privilege - freeipa.ansible_freeipa.ipaprivilege: + ipaprivilege: name: Nova Host Management description: Nova Host Management - name: add permissions to the Nova Host privilege - freeipa.ansible_freeipa.ipaprivilege: + ipaprivilege: name: Nova Host Management action: member permission: "{{ item }}" @@ -74,7 +74,7 @@ loop: "{{ novajoin_privilege_perms }}" - name: add Nova Host Manager role - freeipa.ansible_freeipa.iparole: + iparole: name: Nova Host Manager description: Nova Host Manager privilege: diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml index 72ad617..b30cd14 100644 --- a/zuul.d/base.yaml +++ b/zuul.d/base.yaml 
@@ -1,4 +1,9 @@ --- +- job: + description: Runs tox linters job on centos + name: openstack-tox-linters-centos + parent: openstack-tox-linters + nodeset: devstack-single-node-centos-9-stream - job: description: tripleo-ipa molecule job name: tripleo-ipa-centos-9-molecule diff --git a/zuul.d/layout.yaml b/zuul.d/layout.yaml index 7f20c5f..0ee918b 100644 --- a/zuul.d/layout.yaml +++ b/zuul.d/layout.yaml @@ -7,9 +7,9 @@ - tripleo-standalone-multinode-ipa-pipeline check: jobs: - - openstack-tox-linters + - openstack-tox-linters-centos - tripleo-ipa-centos-9-molecule gate: jobs: - - openstack-tox-linters + - openstack-tox-linters-centos - tripleo-ipa-centos-9-molecule diff --git a/zuul.d/playbooks/pre.yml b/zuul.d/playbooks/pre.yml index 8f51acc..8140f1c 100644 --- a/zuul.d/playbooks/pre.yml +++ b/zuul.d/playbooks/pre.yml @@ -15,6 +15,19 @@ include_role: name: ensure-pip + - name: Setup bindep + pip: + name: "bindep" + virtualenv: "{{ ansible_user_dir }}/test-python" + virtualenv_command: "{{ ensure_pip_virtualenv_command }}" + virtualenv_site_packages: true + + - name: Run bindep + shell: |- + . {{ ansible_user_dir }}/test-python/bin/activate + {{ tripleo_ipa_project_path }}/scripts/bindep-install + become: true + - name: Ensure a recent version of pip is installed in virtualenv pip: name: "pip>=19.1.1"
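Review bot: The `Setup bindep` task in zuul.d/playbooks/pre.yml installs `bindep` with no version constraint, and `Run bindep` then activates that virtualenv and runs the install script with `become: true`, so unpinned code from the package index is executed as root on the node. I would pin the requirement, e.g. `name: "bindep==<pinned-version>"` (placeholder), and drop `become: true` if the job user has passwordless sudo, since scripts/bindep-install already calls `sudo` for the one package-manager command that needs it. The two templated paths in the `shell` block are unquoted; `. "{{ ansible_user_dir }}/test-python/bin/activate"` keeps a path containing spaces from being split. The play these tasks belong to starts outside the hunk.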