* Reworked tox pep8 into linters job, that runs:
- pep8
- bandit
- bashate
- doc8
- yamllint
- ansible-lint (validate-all-files.py + ansible-lint)
* Skip E701 - missing galaxy_info in meta and E602 see [1].
* Skip E301 and E503 - followup later in a separate change
* Added ansible-role-jobs to zuul.d/project.yaml which will run
openstack-tox-linters job in check queue
* Fixed remaining style issue
* Made tox and docs reference the new env for linters
* Dropped pype environment (not supported)
[1]: https://github.com/ansible/ansible-lint/issues/457
Change-Id: I494b4b151804aac8173120e6c6e42bc2fdb00234
W503 and W504 are incompatible and we need to choose one of them.
Existing codes follows W503, so we disable W504.
Change-Id: Ic745e956dd332eb0fa49b93c1e6acb12f8a7f26c
The RabbitMQ 'openstack' user has the 'administrator' tag assigned via
the RabbitMQ definitions.json file.
Since the Train release, the nova-cell role also configures the RabbitMQ
user, but omits the tag. This causes the tag to be removed from the
user, which prevents it from accessing the management UI and API.
This change adds support for configuring user tags to the
service-rabbitmq role, and sets the administrator tag by default.
Change-Id: I7a5d6fe324dd133e0929804d431583e5b5c1853d
Closes-Bug: #1875786
The refactor in change I500cc8800c412bc0e95edb15babad5c1189e6ee4
broke the task `Enable Monasca Grafana datasource for control
plane organisation`. This change fixes the brackets.
Change-Id: I9167a312be107fbfddfd07740f67845c2eaafc3d
Closes-Bug: 1878878
Keystone was not loading the correct mod_ssl library in centos 8
deployment.
Change-Id: I604d675ba7ad28922f360fdc729746f99c1507b4
Partially-Implements: blueprint add-ssl-internal-network
This patch introduces an optional backend encryption for the Barbican
API service. When used in conjunction with enabling TLS for service API
endpoints, network communcation will be encrypted end to end, from
client through HAProxy to the Barbican service.
Change-Id: I62a43b36ebe4a03230bf944980b45e4b6938871b
Partially-Implements: blueprint add-ssl-internal-network
flake8 new release 3.8.0 added new checks and gate pep8
job start failing. hacking 3.0.1 fix the pinning of flake8 to
avoid bringing in a new version with new checks.
Though it is fixed in latest hacking but 2.0 and 3.0 has cap for
flake8 as <4.0.0 which mean flake8 new version 3.9.0 can also
break the pep8 job if new check are added.
To avoid similar gate break in future, we need to bump the hacking min
version.
- http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014828.html
Change-Id: I4b11eaad9eac9985342a00e583f16e379a2ad04a
Ansible 2.9.8 includes a regression on the fileglob plugin [1] that
causes the HAProxy role to fail.
This change blacklists Ansible 2.9.8 to work around the issue.
[1] https://github.com/ansible/ansible/issues/69450
Change-Id: I12ca3b154fc7fed6a221880596e0acb5f6278bb7
Related-Bug: #1878192
This provides a generic mechanism to include extra files
that you can reference in prometheus.yml, for example:
scrape_targets:
- job_name: ipmi
params:
module: default
scrape_interval: 1m
scrape_timeout: 30s
metrics_path: /ipmi
scheme: http
file_sd_configs:
- files:
- /etc/prometheus/extras/file_sd/ipmi-exporter-targets.yml
refresh_interval: 5m
Change-Id: Ie2f085204b71725b901a179ee51541f1f383c6fa
Related: blueprint custom-prometheus-targets
This provides a mechanism to scrape targets defined outside of kolla-ansible.
Depends-On: https://review.opendev.org/#/c/685671/
Change-Id: I0950341b147bb374b4128f09f807ef5a756f5dfa
Related: blueprint custom-prometheus-targets
This allows you to extend lists in yaml config. This is useful, for
example, in prometheus.yml, where it would be nice to be able to
extend the scrape_configs to include exporters that aren't packaged
with kolla-ansible. This would provide a mechanism to do so.
Change-Id: I7a10e363f42e8ffaae3c0d2c2a758853e2cab7e1
Related: blueprint custom-prometheus-targets
This causes non-local side effects that are hard to track down. E.g:
--- import errors ---
Failed to import test module: tests.test_merge_yaml
Traceback (most recent call last):
File "/home/will/.pyenv/versions/3.7.7/lib/python3.7/unittest/loader.py", line 436, in _find_test_path
module = self._get_module_from_name(name)
File "/home/will/.pyenv/versions/3.7.7/lib/python3.7/unittest/loader.py", line 377, in _get_module_from_name
__import__(name)
File "/home/will/code/kolla-ansible/tests/test_merge_yaml.py", line 19, in <module>
from ansible.errors import AnsibleModuleError
ModuleNotFoundError: No module named 'ansible.errors'; 'ansible' is not a package
This `'ansible' is not a package` message occurs because ansible is a Mock.
Depends-On: https://review.opendev.org/#/c/726768/
Change-Id: Iddbdd3d855daadbf12536cc990559e6b8e123051
The removal of Kolla Ceph deploy [1] broke gnocchi & external Ceph
integration - the variable gnocchi_pool_name is referenced in the config
template, but should now be ceph_gnocchi_pool_name.
This change fixes the issue.
Reported by Nick Wilson.
[1] https://review.opendev.org/#/c/704309/12/ansible/roles/gnocchi/defaults/main.yml
Change-Id: I7089781c0c4d7bce8a44cb8b1fca847dd0b7efd1
Closes-Bug: #1877974
install sg3-utils-udev if multipath is enabled, else SCSI_IDENT*
vars are missing in udev.
Closes-Bug: 1877509
Change-Id: Ib205f3cdb775c9cfa719325f702f4fad196d346b
Nova cells support introduced a slight regression that triggers
odd behaviour when we tried switching to Apache (httpd) [1].
Bootstrap no longer applied permissions recursively to all log
files, creating a discrepancy between normal and bootstrap runs
and also Nova and other services such as Cinder (regarding
bootstrap logging).
This patch fixes it.
Backport to Train.
Not creating reno nor a bug record because it does not affect
any current standard usage in any currently known way.
Note this only really hides (standardizes?) the global issue that
we don't control file permissions on newly created files too well.
[1] https://review.opendev.org/724793
Change-Id: I35e9924ccede5edd2e1307043379aba944725143
Needed-By: https://review.opendev.org/724793
This note refers to configuration changes done in
I626dc7afe9eabfbeb6c08137a3e6bbeebde2b332.
Change-Id: I75a37b9d3b28964f353977baa3a9f49fc424d866
Closes-Bug: #1876985