Fix lint and molecule jobs after release of cryptography3.4

Molecule job fails with:

ModuleNotFoundError: No module named 'setuptools_rust'

This error appeared following the release of cryptography 3.4, which
now includes Rust code. It can be installed without Rust using a
Python wheel, but only with more recent pip than version 9.0.3
available as RPM on CentOS 8.

The cryptography bug report [1] recommends pip>=19.1.1

The new pip is not supported on Python 2 / CentOS 7, so this change
also upgrades to CentOS 8 images.

This change also upgrades and fixes the ansible-lint job dependencies
and configuration.

[1] https://github.com/pyca/cryptography/issues/5753

Change-Id: I923020e7ec1f2ecbd7089096f22dd92fb36254a5

.ansible-lint

@@ -0,0 +1,8 @@
+skip_list:
+  - experimental  # all rules tagged as experimental
+  - no-changed-when  # Commands should not change things if nothing needs doing
+
+warn_list:
+  - literal-compare  # Don't compare to literal True/False
+  - unnamed-task  # All tasks should be named
+  - var-spacing  # Variables should have spaces before and after:  {{ var_name }}

.pre-commit-config.yaml

@@ -25,9 +25,11 @@ repos:
         types: [file, yaml]
         entry: yamllint --strict -f parsable
   - repo: https://github.com/ansible/ansible-lint
-    rev: v4.1.1a2
+    rev: v4.3.5
     hooks:
       - id: ansible-lint
+        additional_dependencies:
+          - 'ansible<2.10'
         files: \.(yaml|yml)$
         entry: >-
           ansible-lint --force-color -v -x "ANSIBLE0006,ANSIBLE0007,ANSIBLE0010,ANSIBLE0012,ANSIBLE0013,ANSIBLE0016"

tox.ini

@@ -1,4 +1,5 @@
 [tox]
+basepython = python3
 minversion = 2.0
 # add docs to the list of environments once we actually have docs to generate
 envlist = py36,pep8,molecule,linters
@@ -31,7 +32,7 @@ commands = molecule test --all
 [testenv:ansible-lint]
 deps = {[testenv:linters]deps}
 commands =
-  ansible-lint {toxinidir}/tripleo_ipa
+  ansible-lint -c .ansible-lint {toxinidir}/tripleo_ipa
 
 [testenv:yamllint]
 deps = {[testenv:linters]deps}
@@ -39,7 +40,12 @@ commands =
   yamllint -c {toxinidir}/tripleo_ipa/.yamllint {toxinidir}/tripleo_ipa
 
 [testenv:linters]
+setenv =
+  ANSIBLE_FILTER_PLUGINS={toxinidir}/tripleo_ipa/ansible_plugins/filter
+  ANSIBLE_LIBRARY={toxinidir}/tripleo_ipa/roles.galaxy/config_template/library:{toxinidir}/tripleo_ipa/ansible_plugins/modules
+  ANSIBLE_ROLES_PATH={toxinidir}/tripleo_ipa/roles.galaxy:{toxinidir}/tripleo_ipa/roles
 deps =
+   -r {toxinidir}/ansible-requirements.txt
    -r {toxinidir}/test-requirements.txt
 commands =
   {[testenv:ansible-lint]commands}

tripleo_ipa/molecule/default/Dockerfile

@@ -22,7 +22,7 @@ FROM {{ item.image }}
 {% endif %}
 
 RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
-    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
     elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
     elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
     elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \

tripleo_ipa/molecule/default/molecule.yml

@@ -5,9 +5,11 @@ driver:
 log: true
 
 platforms:
-  - name: centos7
+  - name: centos8
     hostname: test-0.example.test
-    image: centos:7
+    image: centos/centos:centos8
+    registry:
+      url: quay.io
     security_opts:
       - seccomp=unconfined
     command: /sbin/init
@@ -16,10 +18,9 @@ platforms:
       - /tmp
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
     dockerfile: Dockerfile
     network_mode: host
-    easy_install:
-      - pip
     environment: &env
       http_proxy: "{{ lookup('env', 'http_proxy') }}"
       https_proxy: "{{ lookup('env', 'https_proxy') }}"
@@ -32,6 +33,12 @@ provisioner:
     ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH:-/usr/share/ansible/roles}:${HOME}/zuul-jobs/roles"
     ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}"
     ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}"
+  inventory:
+    hosts:
+      all:
+        hosts:
+          centos8:
+            ansible_python_interpreter: /usr/bin/python3
 
 scenario:
   test_sequence:

tripleo_ipa/molecule/default/prepare.yml

@@ -61,7 +61,7 @@
         -h ipa.{{ domain }}
         --read-only --tmpfs /run --tmpfs /tmp
         -v /sys/fs/cgroup:/sys/fs/cgroup:ro
-        -v /tmp/ipa-data:/data:Z freeipa/freeipa-server:fedora-28 exit-on-finished
+        -v /tmp/ipa-data:/data:Z freeipa/freeipa-server:fedora-28 no-exit
         -U -r {{ domain | upper }} --setup-dns --no-reverse --no-ntp
         --forwarder={{ unbound_primary_nameserver_v4 | default('1.1.1.1') }}
         --forwarder={{ unbound_secondary_nameserver_v4 | default('8.8.8.8') }} &
@@ -72,3 +72,22 @@
         search_regex: "(INFO The ipa-server-install command was successful|ERROR The ipa-server-install command failed)"
         timeout: 900
       become: true
+
+    - name: Wait for FreeIPA LDAP port to open
+      wait_for:
+        host=172.18.0.22
+        port=389
+        delay=1
+        timeout=300
+      ignore_errors: true
+
+    - name: Check the status of ipactl to make sure all services are started
+      command: "docker exec freeipa-server-container ipactl status"
+      retries: 10
+      delay: 3
+      register: result
+      until: result.rc == 0
+
+    - name: Print ipactl status
+      debug:
+        msg: "{{result.stdout}}"

tripleo_ipa/molecule/deregister/Dockerfile

@@ -22,7 +22,7 @@ FROM {{ item.image }}
 {% endif %}
 
 RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
-    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
     elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
     elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
     elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \

tripleo_ipa/molecule/deregister/converge.yml

@@ -274,5 +274,5 @@
     - include_role:
         name: tripleo_ipa_cleanup
       vars:
-        tripleo_ipa_hosts_to_delete: [ 'test-1.example.test' ]
+        tripleo_ipa_hosts_to_delete: ['test-1.example.test']
         tripleo_ipa_keytab: "/etc/novajoin/krb5.keytab"

tripleo_ipa/molecule/deregister/molecule.yml

@@ -5,9 +5,11 @@ driver:
 log: true
 
 platforms:
-  - name: centos7
+  - name: centos8
     hostname: test-0.example.test
-    image: centos:7
+    image: centos/centos:centos8
+    registry:
+      url: quay.io
     security_opts:
       - seccomp=unconfined
     command: /sbin/init
@@ -16,10 +18,9 @@ platforms:
       - /tmp
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
     dockerfile: Dockerfile
     network_mode: host
-    easy_install:
-      - pip
     environment: &env
       http_proxy: "{{ lookup('env', 'http_proxy') }}"
       https_proxy: "{{ lookup('env', 'https_proxy') }}"
@@ -32,6 +33,12 @@ provisioner:
     ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH:-/usr/share/ansible/roles}:${HOME}/zuul-jobs/roles"
     ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}"
     ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}"
+  inventory:
+    hosts:
+      all:
+        hosts:
+          centos8:
+            ansible_python_interpreter: /usr/bin/python3
 
 scenario:
   test_sequence:

tripleo_ipa/playbooks/undercloud-ipa-install.yaml

@@ -73,7 +73,7 @@
         ipaadmin_password: "{{ ipa_server_password }}"
         ansible_user: "{{ undercloud_ansible_user }}"
         ansible_ssh_extra_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
-      no_log: True
+      no_log: true
 
     - name: Add host to ipaservers group
       add_host:
@@ -110,7 +110,7 @@
         stdin: "{{ ipa_server_password }}"
       register: kinit
       changed_when: kinit.rc == 0
-      no_log: True
+      no_log: true
 
     - name: setup the undercloud and get keytab
       include_role:

zuul.d/playbooks/pre.yml

@@ -15,6 +15,12 @@
       include_role:
         name: ensure-pip
 
+    - name: Ensure a recent version of pip is installed in virtualenv
+      pip:
+        name: "pip>=19.1.1"
+        virtualenv: "{{ ansible_user_dir }}/test-python"
+        virtualenv_command: "{{ ensure_pip_virtualenv_command }}"
+
     - name: Setup test-python
       pip:
         requirements: "{{ tripleo_ipa_project_path }}/molecule-requirements.txt"