Ubuntu bionic (18.04) provides python3.6, let's write a tox job to also
support it.
Change-Id: I7104a2bdc1e568bf83c618bc2127f8622e6ceba9
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
With the release of fedora-28, the default locations for
fedora-update.repo have changed. We still need to support fedora-27
until fedora-29 is released.
Change-Id: I8eacd659cf18a8dc571aea6531483610fcd91d1a
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Using become_user only works if either the ansible_user is root
or pipelining is enabled. Use become instead to avoid the dependency
on pipelining being enabled.
Change-Id: I2ca65ab38b51d4949295674abfe594ce26fe35a1
The ability to read and write the inventory is privileged and requires
you are running in a trusted context. This makes testing the
validate-host role difficult as it reads the inventory file and writes
it to the job log dir.
Make a new role called log-inventory that will allow us to eventually
remove this task from validate-host enabling better testing of validate
host. Also this will allow us to log the inventory in the post-run
logging activity.
Change-Id: I4098fd140484bc54dc95b5f4c51afb1c56c7b19c
The role to distribute the build ssh key to a user uses the "copy"
module in combination with become_user. When the target user is not
root, this does not work because the ansible user is not root
either and "copy" is not compatible with pipelining:
http://docs.ansible.com/ansible/latest/user_guide/become.html#becoming-an-unprivileged-user
To solve the issue run the copy as root and set the owner of the
target file. Use the "user" module to resolve "~" to the target user
home directory.
Change-Id: Ic66eb2b14bc55a412dfa73aa0722cd59887a4e83
Today the mirror system in openstack-infra isn't properly set up to
mirror debian-security. Until we can fix this, switch to the upstream
URL.
Change-Id: Icfa7dc874d14de245927d461595f90b9dacc7825
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
As of pip10 pip is no longer promising external stable apis (they never
really did anyways just failed to annotate the source as such). As a
result our use of direct pip internals breaks under pip10.
We replace this with a fork and exec of pip instead as the command line
is a stable api. We were already doing this anyways so shouldn't cause
anything to run slower and should be more reliable as an api.
Note that we also remove the import of pip as this does an unexpected
thing and uses pip outside of the virtualenv rather than pip inside the
virtualenv. Since we are only forking pip inside the virtualenv now we
don't need to check for external pip.
Change-Id: Ib2628003995530881d297782f044dfc8a1c72d08
The variable is defined by the ensure-sphinx role so it can be used with
the job.
Change-Id: Ieb6a96f84e64f8a377483437f754e809012762f5
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
This adds a deprecation notice to the README and a debug task that
prints a deprecation notice.
The role is still expected to work but will eventually be removed in
favor of the ara-report role.
This deprecation will be announced on openstack-dev and zuul-announce.
Depends-On: https://review.openstack.org/#/c/557818/
Change-Id: If25e7c7b93cfd1588233fec299a31ad3ce3a873f
The 'linters' tox environment was not running on roles, it was only
running on playbooks. This change adds a command to the linters
environment to ensure all roles are linted.
Since these weren't being linted, there were some problems with them.
The first was a warning about usage of the shell module. Both of these
usages seemed appropriate, so this patch adds a skip_ansible_lint tag to
each task that was failing. The second is a warning "no action detected
in task" for zuul modules. This is due to the fact that the linter
cannot find the custom module. One option is to set the ANSIBLE_LIBRARY
path to point to the zuul ansible library directory[1], but the linter
virtualenv does not actually have zuul installed. Instead, we just
disable the linter for the failing tasks.
This also cleans up a comment in the tox file that was referring to a
nonexistent zuul job.
[1] https://github.com/willthames/ansible-review/issues/16
Change-Id: Ie49da9a09733b623bb25c5a4c8aa07eacacf4b33
So that it is possible to debug this role, add a flag which disables
setting no_log on the synchronize task.
Change-Id: Ie433ada5ff6cb15b68f19e8678244af9ce9faa13
Depends-On: https://review.openstack.org/556881
The current logic uninstalls all detected siblings first, then it
executes a single install with all of the detected sibling git repos.

If one sibling (A) depends on another sibling (B), then the commands:

    pip uninstall A
    pip uninstall B
    pip install ../A ../B

Will result in pip finding B in the requirements list for ../A and
re-installing the released version, then considering the requirement
satisfied when it gets to ../B and not installing it.

To solve that, do the uninstall and reinstall in a single-project loop
for each sibling. This results in:

    pip uninstall A
    pip install ../A

pip will find B in ../A's requirements, but B will already be installed
because it hasn't been uninstalled yet, so nothing will happen. Then:

    pip uninstall B
    pip install ../B

Which will result in both ../A and ../B being installed.

As if that wasn't enough, if A and B happen to appear in the opposite
order, doing:

    pip uninstall B
    pip install ../B
    pip uninstall A
    pip install ../A

Will wind up with pip uninstalling ../B and installing B if the version
requested for B is greater than the version reported by ../B (which is
the case for openstack projects operating from master after a release
but before the first release of the next cycle)

In order to combat that, do a second installation pass with --no-deps.
This way the first pass will be sure to get any transitive dependency
changes, but the second pass will ensure all the siblings are installed
instead of their non-git versions.

    pip uninstall B
    pip install ../B
    pip uninstall A
    pip install ../A
    pip install --no-deps ../B
    pip install --no-deps ../A

Change-Id: I060e188313391de7847adf851566468c4b032342
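
Added example, not part of the commit or of the project's code: a toy model of the single-project pip commands in the message above, showing that the per-sibling loop gives a different result depending on sibling order and that the --no-deps pass leaves every sibling installed from git. The versions, the starting environment and the run() model are constructed assumptions that follow the message's description; this is not pip's resolver.

```python
# Toy model of the behaviour the commit message describes; not pip's resolver.
# All versions below are constructed sample data.
RELEASED = {"A": (1, 0), "B": (2, 0)}            # newest releases on the index
SIBLINGS = {                                      # git checkouts next to the job
    "A": {"version": (1, 1), "requires": {"B": (2, 0)}},  # master A wants B>=2.0
    "B": {"version": (1, 9), "requires": {}},             # master B reports 1.9
}
START = {n: (v, "pypi") for n, v in RELEASED.items()}  # env before sibling handling


def per_sibling_plan(order):
    """Uninstall and reinstall one sibling at a time."""
    plan = []
    for name in order:
        plan += [["pip", "uninstall", "-y", name], ["pip", "install", f"../{name}"]]
    return plan


def two_pass_plan(order):
    """Per-sibling loop, then a second pass that ignores requirements."""
    return per_sibling_plan(order) + [
        ["pip", "install", "--no-deps", f"../{name}"] for name in order
    ]


def run(plan, env):
    """Apply the commands to env (name -> (version, origin)) and return a copy."""
    env = dict(env)
    for cmd in plan:
        name = cmd[-1].rsplit("/", 1)[-1]         # "../A" -> "A"
        if cmd[1] == "uninstall":
            env.pop(name, None)
            continue
        sibling = SIBLINGS[name]
        env[name] = (sibling["version"], "git")
        if "--no-deps" in cmd:
            continue
        for dep, minimum in sibling["requires"].items():
            # An unmet requirement is satisfied from the index, replacing
            # whatever was installed, including a sibling's git checkout.
            if dep not in env or env[dep][0] < minimum:
                env[dep] = (RELEASED[dep], "pypi")
    return env


def origins(plan):
    """Where each package came from after running plan on the START env."""
    return {name: origin for name, (_, origin) in run(plan, START).items()}
```

A job can assert that origins() reports "git" for every sibling before running tests, so a silently reinstalled release is caught instead of being tested in place of the change under review.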
We are going to provide support for the ARA sqlite middleware which
provides the ability for an ARA web application to dynamically load
databases, eliminating the need for HTML generation.
HTML generation does not scale very well: it's orders of magnitude
larger than the database file containing the data and it also takes
a significant amount of time to generate the report.
It would be awkward to add dynamic database things into a role called
"emit-ara-html" and so I took the opportunity to refactor things a
little bit and make the role less prone to failures.
Note that this role was developed with the nested Ansible use case in
mind -- a job running its own copy of Ansible with ARA should be able
to use this role to generate the report or save the database.
This role will be tested with 'base-test' first and it is expected to
make the 'emit-ara-html' role obsolete if everything works well.
Change-Id: Idedc0bfa1f0f89356b795fb9e2a16f9421a2dc18
Depends-On: I3b10c93b4902a9b45e23c227863e472697f662ef
This is breaking project-config, and for some reason we didn't catch it in
testing. We should look into why that is.
Change-Id: I994484cdb28297fdff8c52ccf7455733584cd8ae
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
The role today only adds known hosts for the zuul user.
This replicates what d-g does today by adding a default known_hosts
file which applies to all users.
We cannot remove the original task that adds for the zuul user since
there's a unit test in openstack-zuul-jobs that expects that.
Depends-on: https://review.openstack.org/550425/
Change-Id: I54d4d975fa54cbb6df7dbed525211ab5c2cd6754
This currently fails with "Error 'nodepool' is undefined".
Remove nodepool line completely for now.
Change-Id: I134079a6118c8825fa91920c0f12c2d2789361a5
Load the variables from an architecture specific file first --
ansible's ansible_architecture fact for arm64 is aarch64 (it's all
confusing, Ubuntu calls it arm64). Add this file that sets up the
repo as "ubuntu-ports", which is our mirror of ports.ubuntu.com
Change-Id: Ieb50ae29c7f822e831ef1e32fdd03f74a93e298a
Built content and source tarballs are different. Have a role that
handles uploading built content.
Append -content to the tarball so that a project can publish both a
source tarball and a built content tarball without stepping on each
other.
Change-Id: I33dff8080018bda281a00e648468de80d3ecd679
The version-from-git role doesn't properly handle tag-less repos. Update
it to handle that case too.
Change-Id: I358037fd34f5dc202a6761b9e6f81bbe7870f3f2
After fixing the copy-build-sshkey role, using it again in
multinode job pre.
This reverts commit ace4db4b04fd1eb71411d079524fded8189a72aa.
Change-Id: Id59216ce7dd62ff604ddf2c2c1cf27c4dca0deb0
Run the first task in the block, with become_user since the zuul
user may not access a generic user .ssh folder.
Depends-on: https://review.openstack.org/550091
Change-Id: I4ce120412079fe92502eee5310a03664aa55d5ce