Use system installed ansible-freeipa instead of collections

The RHEL supplied ansible-freeipa RPM package installs the
modules at the default ansible module path and not as a
collection. This caused problems for the end user.

This also changes the linter job to run on CentOS, since
the ansible-freeipa package is not available on Ubuntu.

This also reverts commit 2cc09a2b68.
Reason for revert: We get this error:
 error={"msg": "template error while templating string:
 cannot import name 'environmentfilter' from 'jinja2.filters'
 (/usr/lib/python3.9/site-packages/ansible/_vendor/jinja2/filters.py)\n
  line 0. String: {{ 'A' if record_value | ansible.utils.ipv4
  else 'AAAA' }}"}

Change-Id: I7df25fb945da1d98c68fe4113a09afdc2f2c5687
Grzegorz Grasza 2022-08-18 11:41:27 +00:00 committed by Ade Lee
parent c04991863b
commit e3afdf14b6
12 changed files with 98 additions and 28 deletions


@ -1,3 +1,6 @@
exclude_paths:
- ..
skip_list:
- experimental # all rules tagged as experimental
- no-changed-when # Commands should not change things if nothing needs doing


@ -1,7 +1,6 @@
collections:
- containers.podman
- community.general
- freeipa.ansible_freeipa
- ansible.posix
- ansible.netcommon
- openstack.cloud
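Review bot: None of the collections left in this list carries a version, so each run installs whatever release the configured Galaxy server offers at that moment; the jinja2 `environmentfilter` import error quoted in the commit message looks like the kind of breakage that such drift produces. With `freeipa.ansible_freeipa` now coming from the system RPM, the remaining entries are the only collection code fetched from outside, and they are worth pinning, for example `- name: ansible.netcommon` with `version: "<pinned-version>"` (placeholder; use the release the tasks were tested against). The task files in this commit call `ansible.netcommon.ipv4`, so that entry matters most.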


@ -18,20 +18,25 @@ gcc-c++ [platform:rpm]
git [platform:rpm]
libffi-devel [platform:rpm]
openssl-devel [platform:rpm]
podman [platform:rpm]
python-devel [platform:rpm !platform:rhel-8 !platform:centos-8]
python3-devel [platform:rpm !platform:rhel-7 !platform:centos-7]
PyYAML [platform:rpm !platform:rhel-8 !platform:centos-8]
PyYAML [platform:rpm !platform:rhel-8 !platform:centos-8 !platform:rhel-9 !platform:centos-9 !platform:fedora]
python3-pyyaml [platform:rpm !platform:rhel-7 !platform:centos-7]
python3-dnf [platform:rpm !platform:rhel-7 !platform:centos-7]
# For SELinux
libselinux-python [platform:rpm !platform:rhel-8 !platform:centos-8]
libsemanage-python [platform:redhat !platform:rhel-8 !platform:centos-8]
libselinux-python3 [platform:rpm !platform:rhel-7 !platform:centos-7]
libsemanage-python3 [platform:redhat !platform:rhel-7 !platform:centos-7]
# SELinux cent7
libselinux-python3 [platform:rpm !platform:rhel-8 !platform:centos-8]
libsemanage-python3 [platform:redhat !platform:rhel-8 !platform:centos-8]
# SELinux cent8
python3-libselinux [platform:rpm !platform:rhel-7 !platform:centos-7]
python3-libsemanage [platform:redhat !platform:rhel-7 !platform:centos-7]
# Required for compressing collected log files in CI
gzip
# Required to build language docs
gettext
# Install ansible-freeipa to default ansible path
ansible-freeipa [platform:redhat]

45
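--- a/scripts/bindep-install
+++ b/scripts/bindep-install
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+## Shell Opts ----------------------------------------------------------------
+set -o pipefail
+set -xeuo
+## Vars ----------------------------------------------------------------------
+export BINDEP_FILE="${BINDEP_FILE:-$(dirname $(readlink -f ${BASH_SOURCE[0]}))/../bindep.txt}"
+## Main ----------------------------------------------------------------------
+# Source distribution information
+source /etc/os-release || source /usr/lib/os-release
+RHT_PKG_MGR=$(command -v dnf || command -v yum)
+# NOTE(cloudnull): Get a list of packages to install with bindep. If packages
+# need to be installed, bindep exits with an exit code of 1.
+BINDEP_PKGS=$(bindep -b -f "${BINDEP_FILE}" test || true)
+if [[ ${#BINDEP_PKGS} > 0 ]]; then
+case "${ID,,}" in
+amzn|rhel|centos|fedora)
+sudo "${RHT_PKG_MGR}" install -y ${BINDEP_PKGS}
+;;
+esac
+fi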
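Review bot: The `|| true` on the `BINDEP_PKGS=$(bindep -b ...)` line hides every bindep failure, not only the documented exit code 1 for missing packages, so for example a bindep that is not on PATH leaves the list empty and the script exits 0 with nothing installed. Whatever bindep prints on stdout is then word-split, unquoted, into `sudo "${RHT_PKG_MGR}" install -y ${BINDEP_PKGS}`; reading it into an array with `mapfile -t pkgs <<< "${BINDEP_PKGS}"` and passing `"${pkgs[@]}"` keeps globbing and stray words out of the root command line. Two smaller points: `set -xeuo` ends in `-o` with no option name, which in bash only prints the option table (`set -xeu` is enough, since pipefail is set on the line before), and `[[ ${#BINDEP_PKGS} > 0 ]]` compares strings where `(( ${#BINDEP_PKGS} > 0 ))` would compare numbers. The `case` also has no default branch, so on any other distribution the script silently installs nothing.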


@ -40,17 +40,17 @@
block:
- name: set record type
set_fact:
record_type: "{{ 'A' if record_value | ansible.utils.ipv4 else 'AAAA' }}"
record_type: "{{ 'A' if record_value| ansible.netcommon.ipv4 else 'AAAA' }}"
- name: add dns zone
freeipa.ansible_freeipa.ipadnszone:
ipadnszone:
name: "{{ zone_name }}"
become: true
- name: Modify or add forward dns
block:
- name: try modifying forward dns record
freeipa.ansible_freeipa.ipadnsrecord:
ipadnsrecord:
zone_name: "{{ zone_name }}"
record_name: "{{ record_name }}"
record_type: "{{ record_type }}"
@ -60,7 +60,7 @@
become: true
- name: try modifying forward dns record
freeipa.ansible_freeipa.ipadnsrecord:
ipadnsrecord:
zone_name: "{{ zone_name }}"
record_name: "{{ record_name }}"
record_type: "{{ record_type }}"
@ -70,7 +70,7 @@
become: true
rescue:
- name: add forward dns record
freeipa.ansible_freeipa.ipadnsrecord:
ipadnsrecord:
zone_name: "{{ zone_name }}"
record_name: "{{ record_name }}"
record_type: "{{ record_type }}"
@ -79,7 +79,7 @@
- name: get reverse record data
set_fact:
reverse_addr: "{{ record_value | ansible.utils.ipaddr('revdns') }}"
reverse_addr: "{{ record_value | ipaddr('revdns') }}"
- name: set reverse record entries for ipv4
set_fact:
@ -94,7 +94,7 @@
when: record_type == 'AAAA'
- name: add reverse record dns zone
freeipa.ansible_freeipa.ipadnszone:
ipadnszone:
name: "{{ reverse_record_zone }}"
register: reverse_zone_result
failed_when: reverse_zone_result.failed and 'already exists in DNS' not in reverse_zone_result.msg
@ -103,7 +103,7 @@
- name: Modify or add reverse dns record
block:
- name: try modifying reverse dns record
freeipa.ansible_freeipa.ipadnsrecord:
ipadnsrecord:
zone_name: "{{ reverse_record_zone }}"
record_name: "{{ reverse_record_name }}"
record_type: "PTR"
@ -112,7 +112,7 @@
become: true
rescue:
- name: add reverse dns record
freeipa.ansible_freeipa.ipadnsrecord:
ipadnsrecord:
zone_name: "{{ reverse_record_zone }}"
record_name: "{{ reverse_record_name }}"
record_type: "PTR"
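Review bot: The short names `ipadnszone` and `ipadnsrecord` are resolved through Ansible's module search path, so a same-named module in an adjacent `library/` directory or a configured module path may be picked up instead of the RPM-installed one, and these tasks run with `become: true`. Nothing in the file records where the modules are expected to come from; a comment above the first use such as `# ipa* modules are provided by the ansible-freeipa RPM on the default module path, not by a collection` would make that explicit. The same applies to `ipahost`, `ipaservice`, `iparole`, `ipapermission` and `ipaprivilege` in the other task files of this commit. The filter names are also mixed: `ansible.netcommon.ipv4` is fully qualified while `ipaddr('revdns')` is not. The enclosing blocks start and end outside these hunks.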


@ -45,7 +45,7 @@
become: true
block:
- name: add new host with one-time password
freeipa.ansible_freeipa.ipahost:
ipahost:
name: "{{ base_server_fqdn }}"
random: true
force: true


@ -31,14 +31,14 @@
service: "{{ item.1 }}"
- name: add sub_host
freeipa.ansible_freeipa.ipahost:
ipahost:
fqdn: "{{ sub_host }}"
force: true
state: present
become: true
- name: add service
freeipa.ansible_freeipa.ipaservice:
ipaservice:
name: "{{ service }}/{{ sub_host }}"
force: true
state: present


@ -24,20 +24,20 @@
nova_service: "nova/{{ undercloud_fqdn }}"
- name: add nova service
freeipa.ansible_freeipa.ipaservice:
ipaservice:
name: "{{ nova_service }}"
state: present
force: true
- name: add Nova Host Manager role
freeipa.ansible_freeipa.iparole:
iparole:
name: Nova Host Manager
description: Nova Host Manager
privilege:
- Nova Host Management
- name: add service to the Nova Host Manager role
freeipa.ansible_freeipa.iparole:
iparole:
name: Nova Host Manager
service: "{{ nova_service }}"
action: member


@ -50,7 +50,7 @@
- 'Retrieve Certificates from the CA'
- name: add nova host management permissions
freeipa.ansible_freeipa.ipapermission:
ipapermission:
name: "{{ item.name }}"
right: "{{ item.right }}"
object_type: "{{ item.type }}"
@ -58,12 +58,12 @@
loop: "{{ novajoin_perms|flatten(levels=1) }}"
- name: add Nova Host privilege
freeipa.ansible_freeipa.ipaprivilege:
ipaprivilege:
name: Nova Host Management
description: Nova Host Management
- name: add permissions to the Nova Host privilege
freeipa.ansible_freeipa.ipaprivilege:
ipaprivilege:
name: Nova Host Management
action: member
permission: "{{ item }}"
@ -74,7 +74,7 @@
loop: "{{ novajoin_privilege_perms }}"
- name: add Nova Host Manager role
freeipa.ansible_freeipa.iparole:
iparole:
name: Nova Host Manager
description: Nova Host Manager
privilege:


@ -1,4 +1,9 @@
---
- job:
description: Runs tox linters job on centos
name: openstack-tox-linters-centos
parent: openstack-tox-linters
nodeset: devstack-single-node-centos-9-stream
- job:
description: tripleo-ipa molecule job
name: tripleo-ipa-centos-9-molecule


@ -7,9 +7,9 @@
- tripleo-standalone-multinode-ipa-pipeline
check:
jobs:
- openstack-tox-linters
- openstack-tox-linters-centos
- tripleo-ipa-centos-9-molecule
gate:
jobs:
- openstack-tox-linters
- openstack-tox-linters-centos
- tripleo-ipa-centos-9-molecule


@ -15,6 +15,19 @@
include_role:
name: ensure-pip
- name: Setup bindep
pip:
name: "bindep"
virtualenv: "{{ ansible_user_dir }}/test-python"
virtualenv_command: "{{ ensure_pip_virtualenv_command }}"
virtualenv_site_packages: true
- name: Run bindep
shell: |-
. {{ ansible_user_dir }}/test-python/bin/activate
{{ tripleo_ipa_project_path }}/scripts/bindep-install
become: true
- name: Ensure a recent version of pip is installed in virtualenv
pip:
name: "pip>=19.1.1"
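Review bot: The `Run bindep` task runs its whole shell snippet with `become: true`, so root sources `{{ ansible_user_dir }}/test-python/bin/activate` and executes `bindep` from a virtualenv that, assuming the play itself does not set `become`, was created by and is writable for the unprivileged user. `scripts/bindep-install` already calls `sudo` for the one package-manager command that needs privileges, so dropping `become: true` from this task would keep the privileged part down to that single command. `name: "bindep"` is also installed without a version constraint, unlike `pip>=19.1.1` in the task that follows. The task list continues outside the hunk.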