Use system installed ansible-freeipa instead of collections
The RHEL suppplied ansible-freeipa RPM package installs the
modules at the default ansible module path and not as a
collection. This caused problems for the end user.
This also changes the linter job to run on CentOS, since
the ansible-freeipa package is not available on Ubuntu.
This also reverts commit 2cc09a2b68c5b64b35742de91d4e7c0cd73f188c.
Reason for revert: We get this error:
error={"msg": "template error while templating string:
cannot import name 'environmentfilter' from 'jinja2.filters'
(/usr/lib/python3.9/site-packages/ansible/_vendor/jinja2/filters.py)\n
line 0. String: {{ 'A' if record_value | ansible.utils.ipv4
else 'AAAA' }}"}
Change-Id: I7df25fb945da1d98c68fe4113a09afdc2f2c5687
This commit is contained in:
Grzegorz Grasza
Ade Lee
parent
c04991863b
commit
e3afdf14b6
@ -1,3 +1,6 @@
|
|||||||
|
exclude_paths:
|
||||||
|
- ..
|
||||||
|
|
||||||
skip_list:
|
skip_list:
|
||||||
- experimental # all rules tagged as experimental
|
- experimental # all rules tagged as experimental
|
||||||
- no-changed-when # Commands should not change things if nothing needs doing
|
- no-changed-when # Commands should not change things if nothing needs doing
|
||||||
|
|||||||
@ -1,7 +1,6 @@
|
|||||||
collections:
|
collections:
|
||||||
- containers.podman
|
- containers.podman
|
||||||
- community.general
|
- community.general
|
||||||
- freeipa.ansible_freeipa
|
|
||||||
- ansible.posix
|
- ansible.posix
|
||||||
- ansible.netcommon
|
- ansible.netcommon
|
||||||
- openstack.cloud
|
- openstack.cloud
|
||||||
|
|||||||
17
bindep.txt
17
bindep.txt
@ -18,20 +18,25 @@ gcc-c++ [platform:rpm]
|
|||||||
git [platform:rpm]
|
git [platform:rpm]
|
||||||
libffi-devel [platform:rpm]
|
libffi-devel [platform:rpm]
|
||||||
openssl-devel [platform:rpm]
|
openssl-devel [platform:rpm]
|
||||||
|
podman [platform:rpm]
|
||||||
python-devel [platform:rpm !platform:rhel-8 !platform:centos-8]
|
python-devel [platform:rpm !platform:rhel-8 !platform:centos-8]
|
||||||
python3-devel [platform:rpm !platform:rhel-7 !platform:centos-7]
|
python3-devel [platform:rpm !platform:rhel-7 !platform:centos-7]
|
||||||
PyYAML [platform:rpm !platform:rhel-8 !platform:centos-8]
|
PyYAML [platform:rpm !platform:rhel-8 !platform:centos-8 !platform:rhel-9 !platform:centos-9 !platform:fedora]
|
||||||
python3-pyyaml [platform:rpm !platform:rhel-7 !platform:centos-7]
|
python3-pyyaml [platform:rpm !platform:rhel-7 !platform:centos-7]
|
||||||
python3-dnf [platform:rpm !platform:rhel-7 !platform:centos-7]
|
python3-dnf [platform:rpm !platform:rhel-7 !platform:centos-7]
|
||||||
|
|
||||||
# For SELinux
|
# SELinux cent7
|
||||||
libselinux-python [platform:rpm !platform:rhel-8 !platform:centos-8]
|
libselinux-python3 [platform:rpm !platform:rhel-8 !platform:centos-8]
|
||||||
libsemanage-python [platform:redhat !platform:rhel-8 !platform:centos-8]
|
libsemanage-python3 [platform:redhat !platform:rhel-8 !platform:centos-8]
|
||||||
libselinux-python3 [platform:rpm !platform:rhel-7 !platform:centos-7]
|
# SELinux cent8
|
||||||
libsemanage-python3 [platform:redhat !platform:rhel-7 !platform:centos-7]
|
python3-libselinux [platform:rpm !platform:rhel-7 !platform:centos-7]
|
||||||
|
python3-libsemanage [platform:redhat !platform:rhel-7 !platform:centos-7]
|
||||||
|
|
||||||
# Required for compressing collected log files in CI
|
# Required for compressing collected log files in CI
|
||||||
gzip
|
gzip
|
||||||
|
|
||||||
# Required to build language docs
|
# Required to build language docs
|
||||||
gettext
|
gettext
|
||||||
|
|
||||||
|
# Install ansible-freeipa to default ansible path
|
||||||
|
ansible-freeipa [platform:redhat]
|
||||||
|
|||||||
45
scripts/bindep-install
Executable file
45
scripts/bindep-install
Executable file
@ -0,0 +1,45 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
# Copyright 2019 Red Hat, Inc.
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
## Shell Opts ----------------------------------------------------------------
|
||||||
|
|
||||||
|
set -o pipefail
|
||||||
|
set -xeuo
|
||||||
|
|
||||||
|
|
||||||
|
## Vars ----------------------------------------------------------------------
|
||||||
|
|
||||||
|
export BINDEP_FILE="${BINDEP_FILE:-$(dirname $(readlink -f ${BASH_SOURCE[0]}))/../bindep.txt}"
|
||||||
|
|
||||||
|
|
||||||
|
## Main ----------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Source distribution information
|
||||||
|
source /etc/os-release || source /usr/lib/os-release
|
||||||
|
RHT_PKG_MGR=$(command -v dnf || command -v yum)
|
||||||
|
|
||||||
|
# NOTE(cloudnull): Get a list of packages to install with bindep. If packages
|
||||||
|
# need to be installed, bindep exits with an exit code of 1.
|
||||||
|
BINDEP_PKGS=$(bindep -b -f "${BINDEP_FILE}" test || true)
|
||||||
|
|
||||||
|
if [[ ${#BINDEP_PKGS} > 0 ]]; then
|
||||||
|
case "${ID,,}" in
|
||||||
|
amzn|rhel|centos|fedora)
|
||||||
|
sudo "${RHT_PKG_MGR}" install -y ${BINDEP_PKGS}
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
@ -40,17 +40,17 @@
|
|||||||
block:
|
block:
|
||||||
- name: set record type
|
- name: set record type
|
||||||
set_fact:
|
set_fact:
|
||||||
record_type: "{{ 'A' if record_value | ansible.utils.ipv4 else 'AAAA' }}"
|
record_type: "{{ 'A' if record_value| ansible.netcommon.ipv4 else 'AAAA' }}"
|
||||||
|
|
||||||
- name: add dns zone
|
- name: add dns zone
|
||||||
freeipa.ansible_freeipa.ipadnszone:
|
ipadnszone:
|
||||||
name: "{{ zone_name }}"
|
name: "{{ zone_name }}"
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Modify or add forward dns
|
- name: Modify or add forward dns
|
||||||
block:
|
block:
|
||||||
- name: try modifying forward dns record
|
- name: try modifying forward dns record
|
||||||
freeipa.ansible_freeipa.ipadnsrecord:
|
ipadnsrecord:
|
||||||
zone_name: "{{ zone_name }}"
|
zone_name: "{{ zone_name }}"
|
||||||
record_name: "{{ record_name }}"
|
record_name: "{{ record_name }}"
|
||||||
record_type: "{{ record_type }}"
|
record_type: "{{ record_type }}"
|
||||||
@ -60,7 +60,7 @@
|
|||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: try modifying forward dns record
|
- name: try modifying forward dns record
|
||||||
freeipa.ansible_freeipa.ipadnsrecord:
|
ipadnsrecord:
|
||||||
zone_name: "{{ zone_name }}"
|
zone_name: "{{ zone_name }}"
|
||||||
record_name: "{{ record_name }}"
|
record_name: "{{ record_name }}"
|
||||||
record_type: "{{ record_type }}"
|
record_type: "{{ record_type }}"
|
||||||
@ -70,7 +70,7 @@
|
|||||||
become: true
|
become: true
|
||||||
rescue:
|
rescue:
|
||||||
- name: add forward dns record
|
- name: add forward dns record
|
||||||
freeipa.ansible_freeipa.ipadnsrecord:
|
ipadnsrecord:
|
||||||
zone_name: "{{ zone_name }}"
|
zone_name: "{{ zone_name }}"
|
||||||
record_name: "{{ record_name }}"
|
record_name: "{{ record_name }}"
|
||||||
record_type: "{{ record_type }}"
|
record_type: "{{ record_type }}"
|
||||||
@ -79,7 +79,7 @@
|
|||||||
|
|
||||||
- name: get reverse record data
|
- name: get reverse record data
|
||||||
set_fact:
|
set_fact:
|
||||||
reverse_addr: "{{ record_value | ansible.utils.ipaddr('revdns') }}"
|
reverse_addr: "{{ record_value | ipaddr('revdns') }}"
|
||||||
|
|
||||||
- name: set reverse record entries for ipv4
|
- name: set reverse record entries for ipv4
|
||||||
set_fact:
|
set_fact:
|
||||||
@ -94,7 +94,7 @@
|
|||||||
when: record_type == 'AAAA'
|
when: record_type == 'AAAA'
|
||||||
|
|
||||||
- name: add reverse record dns zone
|
- name: add reverse record dns zone
|
||||||
freeipa.ansible_freeipa.ipadnszone:
|
ipadnszone:
|
||||||
name: "{{ reverse_record_zone }}"
|
name: "{{ reverse_record_zone }}"
|
||||||
register: reverse_zone_result
|
register: reverse_zone_result
|
||||||
failed_when: reverse_zone_result.failed and 'already exists in DNS' not in reverse_zone_result.msg
|
failed_when: reverse_zone_result.failed and 'already exists in DNS' not in reverse_zone_result.msg
|
||||||
@ -103,7 +103,7 @@
|
|||||||
- name: Modify or add reverse dns record
|
- name: Modify or add reverse dns record
|
||||||
block:
|
block:
|
||||||
- name: try modifying reverse dns record
|
- name: try modifying reverse dns record
|
||||||
freeipa.ansible_freeipa.ipadnsrecord:
|
ipadnsrecord:
|
||||||
zone_name: "{{ reverse_record_zone }}"
|
zone_name: "{{ reverse_record_zone }}"
|
||||||
record_name: "{{ reverse_record_name }}"
|
record_name: "{{ reverse_record_name }}"
|
||||||
record_type: "PTR"
|
record_type: "PTR"
|
||||||
@ -112,7 +112,7 @@
|
|||||||
become: true
|
become: true
|
||||||
rescue:
|
rescue:
|
||||||
- name: add reverse dns record
|
- name: add reverse dns record
|
||||||
freeipa.ansible_freeipa.ipadnsrecord:
|
ipadnsrecord:
|
||||||
zone_name: "{{ reverse_record_zone }}"
|
zone_name: "{{ reverse_record_zone }}"
|
||||||
record_name: "{{ reverse_record_name }}"
|
record_name: "{{ reverse_record_name }}"
|
||||||
record_type: "PTR"
|
record_type: "PTR"
|
||||||
|
|||||||
@ -45,7 +45,7 @@
|
|||||||
become: true
|
become: true
|
||||||
block:
|
block:
|
||||||
- name: add new host with one-time password
|
- name: add new host with one-time password
|
||||||
freeipa.ansible_freeipa.ipahost:
|
ipahost:
|
||||||
name: "{{ base_server_fqdn }}"
|
name: "{{ base_server_fqdn }}"
|
||||||
random: true
|
random: true
|
||||||
force: true
|
force: true
|
||||||
|
|||||||
@ -31,14 +31,14 @@
|
|||||||
service: "{{ item.1 }}"
|
service: "{{ item.1 }}"
|
||||||
|
|
||||||
- name: add sub_host
|
- name: add sub_host
|
||||||
freeipa.ansible_freeipa.ipahost:
|
ipahost:
|
||||||
fqdn: "{{ sub_host }}"
|
fqdn: "{{ sub_host }}"
|
||||||
force: true
|
force: true
|
||||||
state: present
|
state: present
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: add service
|
- name: add service
|
||||||
freeipa.ansible_freeipa.ipaservice:
|
ipaservice:
|
||||||
name: "{{ service }}/{{ sub_host }}"
|
name: "{{ service }}/{{ sub_host }}"
|
||||||
force: true
|
force: true
|
||||||
state: present
|
state: present
|
||||||
|
|||||||
@ -24,20 +24,20 @@
|
|||||||
nova_service: "nova/{{ undercloud_fqdn }}"
|
nova_service: "nova/{{ undercloud_fqdn }}"
|
||||||
|
|
||||||
- name: add nova service
|
- name: add nova service
|
||||||
freeipa.ansible_freeipa.ipaservice:
|
ipaservice:
|
||||||
name: "{{ nova_service }}"
|
name: "{{ nova_service }}"
|
||||||
state: present
|
state: present
|
||||||
force: true
|
force: true
|
||||||
|
|
||||||
- name: add Nova Host Manager role
|
- name: add Nova Host Manager role
|
||||||
freeipa.ansible_freeipa.iparole:
|
iparole:
|
||||||
name: Nova Host Manager
|
name: Nova Host Manager
|
||||||
description: Nova Host Manager
|
description: Nova Host Manager
|
||||||
privilege:
|
privilege:
|
||||||
- Nova Host Management
|
- Nova Host Management
|
||||||
|
|
||||||
- name: add service to the Nova Host Manager role
|
- name: add service to the Nova Host Manager role
|
||||||
freeipa.ansible_freeipa.iparole:
|
iparole:
|
||||||
name: Nova Host Manager
|
name: Nova Host Manager
|
||||||
service: "{{ nova_service }}"
|
service: "{{ nova_service }}"
|
||||||
action: member
|
action: member
|
||||||
|
|||||||
@ -50,7 +50,7 @@
|
|||||||
- 'Retrieve Certificates from the CA'
|
- 'Retrieve Certificates from the CA'
|
||||||
|
|
||||||
- name: add nova host management permissions
|
- name: add nova host management permissions
|
||||||
freeipa.ansible_freeipa.ipapermission:
|
ipapermission:
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
right: "{{ item.right }}"
|
right: "{{ item.right }}"
|
||||||
object_type: "{{ item.type }}"
|
object_type: "{{ item.type }}"
|
||||||
@ -58,12 +58,12 @@
|
|||||||
loop: "{{ novajoin_perms|flatten(levels=1) }}"
|
loop: "{{ novajoin_perms|flatten(levels=1) }}"
|
||||||
|
|
||||||
- name: add Nova Host privilege
|
- name: add Nova Host privilege
|
||||||
freeipa.ansible_freeipa.ipaprivilege:
|
ipaprivilege:
|
||||||
name: Nova Host Management
|
name: Nova Host Management
|
||||||
description: Nova Host Management
|
description: Nova Host Management
|
||||||
|
|
||||||
- name: add permissions to the Nova Host privilege
|
- name: add permissions to the Nova Host privilege
|
||||||
freeipa.ansible_freeipa.ipaprivilege:
|
ipaprivilege:
|
||||||
name: Nova Host Management
|
name: Nova Host Management
|
||||||
action: member
|
action: member
|
||||||
permission: "{{ item }}"
|
permission: "{{ item }}"
|
||||||
@ -74,7 +74,7 @@
|
|||||||
loop: "{{ novajoin_privilege_perms }}"
|
loop: "{{ novajoin_privilege_perms }}"
|
||||||
|
|
||||||
- name: add Nova Host Manager role
|
- name: add Nova Host Manager role
|
||||||
freeipa.ansible_freeipa.iparole:
|
iparole:
|
||||||
name: Nova Host Manager
|
name: Nova Host Manager
|
||||||
description: Nova Host Manager
|
description: Nova Host Manager
|
||||||
privilege:
|
privilege:
|
||||||
|
|||||||
@ -1,4 +1,9 @@
|
|||||||
---
|
---
|
||||||
|
- job:
|
||||||
|
description: Runs tox linters job on centos
|
||||||
|
name: openstack-tox-linters-centos
|
||||||
|
parent: openstack-tox-linters
|
||||||
|
nodeset: devstack-single-node-centos-9-stream
|
||||||
- job:
|
- job:
|
||||||
description: tripleo-ipa molecule job
|
description: tripleo-ipa molecule job
|
||||||
name: tripleo-ipa-centos-9-molecule
|
name: tripleo-ipa-centos-9-molecule
|
||||||
|
|||||||
@ -7,9 +7,9 @@
|
|||||||
- tripleo-standalone-multinode-ipa-pipeline
|
- tripleo-standalone-multinode-ipa-pipeline
|
||||||
check:
|
check:
|
||||||
jobs:
|
jobs:
|
||||||
- openstack-tox-linters
|
- openstack-tox-linters-centos
|
||||||
- tripleo-ipa-centos-9-molecule
|
- tripleo-ipa-centos-9-molecule
|
||||||
gate:
|
gate:
|
||||||
jobs:
|
jobs:
|
||||||
- openstack-tox-linters
|
- openstack-tox-linters-centos
|
||||||
- tripleo-ipa-centos-9-molecule
|
- tripleo-ipa-centos-9-molecule
|
||||||
|
|||||||
@ -15,6 +15,19 @@
|
|||||||
include_role:
|
include_role:
|
||||||
name: ensure-pip
|
name: ensure-pip
|
||||||
|
|
||||||
|
- name: Setup bindep
|
||||||
|
pip:
|
||||||
|
name: "bindep"
|
||||||
|
virtualenv: "{{ ansible_user_dir }}/test-python"
|
||||||
|
virtualenv_command: "{{ ensure_pip_virtualenv_command }}"
|
||||||
|
virtualenv_site_packages: true
|
||||||
|
|
||||||
|
- name: Run bindep
|
||||||
|
shell: |-
|
||||||
|
. {{ ansible_user_dir }}/test-python/bin/activate
|
||||||
|
{{ tripleo_ipa_project_path }}/scripts/bindep-install
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: Ensure a recent version of pip is installed in virtualenv
|
- name: Ensure a recent version of pip is installed in virtualenv
|
||||||
pip:
|
pip:
|
||||||
name: "pip>=19.1.1"
|
name: "pip>=19.1.1"
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user