This change uses the ara_report_run variable to toggle the database copy.
Otherwise, when ara_report_run is set to 'failure', then the report is
still created if the job succeed
Change-Id: I722a2bff82af2a37fbdec49b2bfd1ad95059ecbe
It seems that there has been a recent change where the PATH used
has changed somehow. This adds it and make sure that it covers
all 3 major distros location where `ip` is stored.
Change-Id: Ic3c255bd24d1202fec436d4fcc484ce420110518
The file module with recurse goes to the bad place when the content has
a symlink to '.'. Rather than fighting it - just use chmod -R, which
does what we want.
Change-Id: Id3e23e67727d8ac7f29c87d6865b54dc729ccaf4
The npm test run can optionally create an html coverage report.
This change causes the post job to check if the directory exists,
and if so also collect the coverage report with the npm logs.
Change-Id: I7cc50c352c3feeed283888cbe7f02c6b1264b7b0
Define a release_python variable that users of the
build-python-release role can override to set which version of python
they are using for building sdists and wheels.
Change-Id: I1502c572304000fab45a43e1a6d674f5aa7e9a9e
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
The zuul multi-tenant dashboard job wants to make a few symlinks to
simulate what would happen on a real deployment with rewrite rules. The
current hard-coded behavior of copying the links causes ... havoc.
Add a job variable defaulting to the current behavior which such jobs
can flip if they need to.
Change-Id: I751524baa80353606d74b87dbaacfe7cd8b71a5e
Include the resolution of the hostname to the private IPv4 for all
hosts in multinode setups.
Currently we only setup the inventory name, which is not enough
since qemu relies on the hostname for live migration.
Change-Id: I717f5f8b5b803abe874bea498fd07f5508cc7214
This change fixes this upcoming deprecation warning:
[DEPRECATION WARNING]: Using tests as filters is deprecated. Instead of using
`result|skipped` instead use `result is skipped`. This feature will be removed
in version 2.9.
Change-Id: Ic0c93f2ea896ead76922694e6150882d8a280daf
Some openstack packages show up in the requirements list under a
hyphenated name while their package metadata name contains only
underscores. (For example, the glance_store library is listed in
requirements as 'glance-store'.) This is causing problems for the
tox_install_sibling_packages task run by zuul. Pip is able to handle
this situation [0]; add code so the ansible task can handle it too.
[0] http://paste.openstack.org/show/722298/
Change-Id: I89ad9926647a011174815761e79372f2d7d43609
Needed-by: https://review.openstack.org/#/c/569225/
Closes-bug: #1774030
When python setup.py --name is run in ansible/ansible currently, a
warning is printed:
UserWarning: Normalizing '2.7.0dev0' to '2.7.0.dev0' normalized_version
With stderr=stdout, this goes into the package name causing sibling
detection to not work.
The stderr is not interesting to us from this command, so ignore it.
Change-Id: I38ea21960932dbddcac1b828e95a0cf963c3b94c
We're trying to move away from the legacy pbr 'build_sphinx' command.
However, without the relevant section in the 'setup.cfg' file, we have
no way to determine if the user wishes to use the '-W'
(warning-is-error) flag when building docs. The current behavior for
this is to default to False, meaning documentation for projects that
previously used the pbr functionality to enable warning-is-error is
liable to slowly break as time passes.
To resolve this, default to True for packages with no [build_sphinx]
section in setup.cfg. This ensures that projects migrating to the new
PTI (which, when fully implemented, involves removing the [build_sphinx]
section from setup.cfg) will be forced to fix any warnings prior to the
migration. However, packages that have not been converted will not be
broken. Only pacakges that have already fully switched over to the new
PTI but which did not have warning-is-error enabled are at risk of
unexpected breakage, but even for those the short-term pain should
ultimately be outweighed by the long-term gain.
Change-Id: I677afef96370ead5a45cba854ba483f18a8d1247
Ubuntu bionic (18.04) provides python3.6, lets write a tox job to also
support it.
Change-Id: I7104a2bdc1e568bf83c618bc2127f8622e6ceba9
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
With the release of fedora-28, the default locations for
fedora-update.repo have changed. We still need to support fedora-27
until fedora-29 is released.
Change-Id: I8eacd659cf18a8dc571aea6531483610fcd91d1a
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Using become_user only works if either the ansible_user is root
or pipeling is enabled. Use become instead to avoid the dependency
on pipelining being enabled.
Change-Id: I2ca65ab38b51d4949295674abfe594ce26fe35a1
The ability to read and write the inventory is privileged and requires
you are running in a trusted context. This makes testing the
validate-host role difficult as it reads the inventory file and writes
it to the job log dir.
Make a new role called log-inventory that will allow us to eventually
remove this task from validate-host enabling better testing of validate
host. Also this will allow us to log the inventory in the post-run
logging activity.
Change-Id: I4098fd140484bc54dc95b5f4c51afb1c56c7b19c
The role to distribute the build ssh key to a user uses the "copy"
module in combination with become_user. When the target user is not
root, this does not work because the ansible user is not root
either and "copy" is not compatible with pipelining:
http://docs.ansible.com/ansible/latest/user_guide/become.html#becoming-an-unprivileged-user
To solve the issue run the copy as root and set the owner of the
target file. Use the "user" module to resolve "~" to the target user
home directory.
Change-Id: Ic66eb2b14bc55a412dfa73aa0722cd59887a4e83
Today the mirror system in openstack-infra isn't properly setup to
mirror debian-security. Until we can fix this, switch to the upstream
URL.
Change-Id: Icfa7dc874d14de245927d461595f90b9dacc7825
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
As of pip10 pip is no longer promising external stable apis (they never
really did anyways just failed to annotate the source as such). As a
result our use of direct pip internals breaks under pip10.
We replace this with a fork and exec of pip instead as the command line
is a stable api. We were already doing this anyways so shouldn't cause
anything to run slower and should be more reliable as an api.
Note that we also remove the import of pip as this does an unexpected
thing and uses pip outside of the virtualenv rather than pip inside the
virtualenv. Since we are only forking pip inside the virtualenv now we
don't need to check for external pip.
Change-Id: Ib2628003995530881d297782f044dfc8a1c72d08
The variable is defined by the ensure-sphinx role so it can be used with
the job.
Change-Id: Ieb6a96f84e64f8a377483437f754e809012762f5
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
This adds a deprecation notice to the README and a debug task that
prints a deprecation notice.
The role is still expected to work but will eventually be removed in
favor of the ara-report role.
This deprecation will be announced on openstack-dev and zuul-announce.
Depends-On: https://review.openstack.org/#/c/557818/
Change-Id: If25e7c7b93cfd1588233fec299a31ad3ce3a873f
The 'linters' tox environment was not running on roles, it was only
running on playbooks. This change adds a command to the linters
environment to ensure all roles are linted.
Since these weren't being linted, there were some problems with them.
The first was a warning about usage of the shell module. Both of these
usages seemed appropriate, so this patch adds a skip_ansible_lint tag to
each task that was failing. The second is a warning "no action detected
in task" for zuul modules. This is due to the fact that the linter
cannot find the custom module. One option is to set the ANSIBLE_LIBRARY
path to point to the zuul ansible library directory[1], but the linter
virtualenv does not actually have zuul installed. Instead, we just
disable the linter for the failing tasks.
This also cleans up a comment in the tox file that was referring to a
nonexistent zuul job.
[1] https://github.com/willthames/ansible-review/issues/16
Change-Id: Ie49da9a09733b623bb25c5a4c8aa07eacacf4b33
So that it is possible to debug this role, add a flag which disables
setting no_log on the synchronize task.
Change-Id: Ie433ada5ff6cb15b68f19e8678244af9ce9faa13
Depends-On: https://review.openstack.org/556881
The current logic uninstalls all detected siblings first, then it
executes a single install with all of the detected sibling git repos.
If one sibling (A) depends on another sibling (B), then the commands:
pip uninstall A
pip uninstall B
pip install ../A ../B
Will result in pip finding B in the requirements list for ../A and
re-installing the released version, then considering the requirement
satisfied when it gets to ../B and not installing it.
To solve that, do the uninstall and reinstall in a single-project loop
for each sibling. This results in:
pip uninstall A
pip install ../A
pip will find B in ../A's requirements, but B will already be installed
because it hasn't been uninstalled yet, so nothing will happen. Then:
pip uninstall B
pip install ../B
Which will result in both ../A and ../B being installed.
As if that wasn't enough, if A and B happen to appear in the opposite
order, doing:
pip uninstall B
pip install ../B
pip uninstall A
pip install ../A
Will wind up with pip uninstalling ../B and installing B if the version
requested for B is greater than the version reported by ../B (which is
the case for openstack projects operating from master after a release
but before the first release of the next cycle)
In order to combat that, do a second installation pass with --no-deps.
This way the first pass will be sure to get any transitive dependency
changes, but the second pass will ensure all the siblings are installed
instead of their non-git versions.
pip uninstall B
pip install ../B
pip uninstall A
pip install ../A
pip install --no-deps ../B
pip install --no-deps ../A
Change-Id: I060e188313391de7847adf851566468c4b032342
We are going to provide support the ARA sqlite middleware which
provides the ability for an ARA web application to dynamically load
databases, eliminating the need for HTML generation.
HTML generation does not scale very well: it's orders of magnitude
larger than the database file containing the data and it also takes
a significant amount of time to generate the report.
It would be awkward to add dynamic database things into a role called
"emit-ara-html" and so I took the opportunity to refactor things a
little bit and make the role less prone to failures.
Note that this role was developed with the nested Ansible use case in
mind -- a job running it's own copy of Ansible with ARA should be able
to use this role to generate the report or save the database.
This role will be tested with 'base-test' first and it is expected to
make the 'emit-ara-html' role obsolete if everything works well.
Change-Id: Idedc0bfa1f0f89356b795fb9e2a16f9421a2dc18
Depends-On: I3b10c93b4902a9b45e23c227863e472697f662ef
