The "Start the buildset registry" task, which uses the
docker_container Ansible module, was failing with:
"No module named 'requests'"
This is because the earlier package install task was installing
the packages into the wrong python version because the
ansible_python_interpreter value was 'auto' and thus never
included the 'python3' value.
Change-Id: I887fdf8d000c8b916fdab281c531b7c98bdd5ae2
This implements the production change
I98c80f657f38c5e1ed5f28e5d36988a3429ad1f8 in the test role. Review
comments should be left there; we can merge this and then parent a job
to base-test to test it.
Change-Id: Id91350ff1c531fd7266f3bf76681a8415941481f
By doing this, we're not constrained about where to run the uploader
while still providing some useful testing in dry-run mode.
Change-Id: Ie4888606a8ca4ffe2eb99ddbbcd9d5cee8ceec44
We don't need to be explicit, ssh-keygen will pick a good size for us.
Meanwhile, 1024 bit keys are generally seen as security problems and
thus ring bells and are refused by some servers/services.
Change-Id: Iaea82e0b394a5a6b1da3b59637fc4e0f541e1978
If we want to run a second registry on a different port, we'll need
a different name for the docker container.
Change-Id: I887d9015c0d21e6d7f95379e6fa7fb4211e58d3d
This will allow us to run the role twice on the same host. This
will be useful when we test changes to this role.
Change-Id: I97baeb3172298648bcfef26c5be635ad4be036f0
The proxy functionality is no longer needed so it is removed.
Change-Id: I29ff75d331b433ea4ad3b66ed723eee14a90b404
Depends-On: https://review.opendev.org/689829
Change new variable zuul_additional_subunit_dirs to
fetch_subunit_output_additional_dirs to name it after the role.
Change-Id: I7ac0b5d343701409a8741439334fe27f5374a258
Per settings mentioned at: https://minikube.sigs.k8s.io/docs/tasks/debug/
The current logging level is very minimal for tracking down any
potential k8s issues.
Change-Id: I4ebd694481de936f9df790a46e195b251a803c5f
In addition to the main subunit file from zuul_work_dir,
collect the subunit files from the elements (directories)
of the zuul_additional_subunit_dirs list.
The default behavior is unchanged.
While the documentation of this role states that zuul_work_dir
contains an absolute path, this is not always true.
So make sure to not make any assumption about zuul_work_dir
in order to not fail spectacularly as it happened with the
previous patch[0].
Add also some tests for the role: both the basic case
and with an additional test directory.
[0] https://review.opendev.org/673885
Change-Id: Iabf2e0cf6d86e36a174778367186bbd39a65c3dd
This keeps each platform's "/etc" template files in a separate
top-level directory.
Additionally, we add a distro major version match to the task import
and rename centos7 (in preparation for centos8).
Change-Id: If65d51a27e30311b1da20522afb6dbce7ee6cf35
We've discovered that rackspace swift seems to always want to gzip
encode files when clients request their contents. When our files are
deflate encoded this results in files that are first deflate encoded
then gzip encoded. Not all browsers or layer 7 firewalls can handle this
(despite being perfectly valid according to the HTTP RFCs). We'll use
gzip to see if that causes rackspace to not double encode the files.
To do this with memory efficiency we vendor a tool from pypi called
gzip-stream which allows us to read chunks of the compressed data at a
time without loading the entire file into memory or writing multiple
gzip headers in a single file.
Change-Id: I9483cfdbd8e7d0683eeb24d28dd6d8b0c0e772fa
This creates a testing role for upload-logs-swift so that we can test
changes to this role before moving them into the production role.
Change-Id: If55b0e2809d9309bc98e6763da32219d996dbfa4
We continue to see the odd task rc of -13 when running iptables-save to
store persistent set of firewall rules. Switch to shell to give us a bit
more debugging freedom if necessary (and to rule out the command
module).
Change-Id: I0c0208101cad985d4113de6b636c3816613b778c
This reverts commit 46b7b6e1c98a8b12647be4b30b5b54405379d6ec.
This didn't end up changing the incidence of the iptables-save command
task failures.
Change-Id: I02e725d7330bc9b438a9864ea49510cca7fee524
The href url paths need to have quoted filenames to handle cases where
filenames have special characters like : in them.
Change-Id: I0bc0de8d27c6e45c4a6b8841985b8265f0219df2
Previously to persist the firewall we were including the
persistent-firewall role. This seems to occasionally break because the
second invocation of the role (on multinode jobs after setting up the
multinode bridge) fails with an RC of -13 when listing ipv4 iptables
roles. Then when we try to write them to disk the variable is empty.
One thought is that dynamically loading the role multiple times may be
confusing ansible. Use import_role to statically load the role instead
and see if this helps.
Change-Id: I2458f8eb4c2e4638336fa14e436e13b5a2263cce
In openSUSE Tumbleweed, the SuSEfirewall2 package was removed in favor
of firewalld[1]. This commit updates the iptables persistence tasks to
avoid using SuSEfirewall2 and instead use rc.local to restore saved
rules upon restart, and undefines the iptables_service variable for SUSE
since there is no service to restart any more. See the related change
for image builds[2].
[1] https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
[2] https://review.opendev.org/683236
Change-Id: I0f8d74dd00df192c20b96a9368b964839c306171
The argument here is an integer "limit", not the exception.
I think that we only notice this on Python 3 because of exception
chaining. It causes a real failure though because the exception
handler that is meant to fall into "pass" raises another exception
when ipv6 doesn't work.
Change-Id: I0908a0a3dbb2356caabbffd062379751a0b61c41
Under Python3, subprocess.check_output returns binary data,
convert to utf-8 so that it runs under both Python2 and 3.
Using decode works with both Py2 and Py3.
Note that in other places, we already convert the output of check_output
with decode, this change follows that pattern.
Change-Id: I727a2368233473f57978ba24947f6d861b02f7da
We should make it easy for users to view console logs by default.
Today, we compress and upload logs and by default apache / nginx will
not properly display them as plain text. This commit changes the
default to not compress, but allows more advanced users to enable this
logic. As most likely it also means additional configuration for
your web server.
Change-Id: Ic446db4f85e2098db8fa4568f8c5140ba564e931
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We have been getting HTTP 401 unauthorized errors at the rate of about
once a day when trying to get containers in the swift logs role.
Manually getting and posting objects to the same container after the
jobs fail seems to work so this appears to be a transient failure.
Attempt to workaround this by retrying the container get calls several
times.
Change-Id: Ia7395ffa0b120fbbecde0c9bb6e8583078167143
The old code will log swift upload tracebacks via logging.exception()
which doesn't seem to bubble back up into ansible's logging. We address
this by using traceback.format_exc() to format an exception traceback
string which we pass to ansible's module.fail_json().
Change-Id: I524bd0d5a9529011cffb6d09866b22b2c97fab7d