Fix: Re-factor repo to work with ansible 9.2.x 66/72666/2
authorAnil Belur <abelur@linuxfoundation.org>
Thu, 22 Feb 2024 03:47:35 +0000 (13:47 +1000)
committerAnil Belur <abelur@linuxfoundation.org>
Thu, 22 Feb 2024 07:21:53 +0000 (17:21 +1000)
- The ansible roles have been updated to run on the latest version of
  Ansible and python 3.10.x are pulled in by common-packer returns
  several errors with newer versions of Ansible.
- The new version of ansible 9.2.x requires the code to be refactored
  and modernized accordingly.
- Update tox to run ansible lint.
- Fixes the following Violation Summary:
     count tag                   profile    rule associated tags
     1 command-instead-of-module basic      command-shell, idiom
     2 key-order[task]           basic      formatting
     4 literal-compare           basic      idiom
     6 jinja[spacing]            basic      formatting (warning)
     5 no-free-form              basic      syntax, risk
     4 partial-become[play]      basic      unpredictability
     4 schema[playbook]          basic      core
     4 name[missing]             basic      idiom
    11 name[play]                basic      idiom
     3 yaml[octal-values]        basic      formatting, yaml
    18 yaml[truthy]              basic      formatting, yaml
     5 name[casing]              moderate   idiom
     2 risky-file-permissions    safety     unpredictability
     3 no-changed-when           shared     command-shell, idempotency
    38 fqcn[action-core]         production formatting
    11 fqcn[action]              production formatting

Issue: RELENG-5175
Change-Id: I2c6af03d197236328e2389f4694edab3fe40bfc4
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
12 files changed:
.ansible-lint-ignore [new file with mode: 0644]
provision/baseline.yaml
provision/devstack-pre-pip-centos.yaml
provision/devstack.yaml
provision/docker.yaml
provision/install-base-pkgs-RedHat.yaml
provision/install-base-pkgs-Ubuntu.yaml
provision/local-builder.yaml
provision/local-docker.yaml
provision/local-windows-builder.yaml
provision/windows-builder.yaml
tox.ini

diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore
new file mode 100644 (file)
index 0000000..49a8077
--- /dev/null
@@ -0,0 +1 @@
+provision/windows-builder.yaml
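Review bot: The single entry `provision/windows-builder.yaml` has no rule id after the path, while the format ansible-lint documents for `.ansible-lint-ignore` is one `path rule-id` pair per line, so this line may be rejected as unparseable or silently do nothing, depending on the ansible-lint release. If the intent is to skip the whole Windows playbook, `exclude_paths` in the `.ansible-lint` config file expresses that directly. If only specific rules should be waived, list each one, e.g. `provision/windows-builder.yaml <rule-id>` (placeholder). Either way the file is then out of the lint gate, so the unverified download it performs will not be flagged by tooling.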
index 61673a5..09fd7b1 100644 (file)
@@ -1,25 +1,32 @@
 ---
-- hosts: all
+- name: Baseline for all builds
+  hosts: all
   become_user: root
-  become_method: sudo
+  become: true
+  become_method: ansible.builtin.sudo
 
   pre_tasks:
-    - include_role: name=lfit.system-update
+    - name: Pre-task system update
+      ansible.builtin.include_role:
+        name: lfit.system-update
 
     - name: Install base packages
-      include_tasks: "{{item}}"
+      ansible.builtin.include_tasks: "{{ item }}"
       with_first_found:
-        - "install-base-pkgs-{{ansible_distribution}}.yaml"
-        - "install-base-pkgs-{{ansible_os_family}}.yaml"
+        - "install-base-pkgs-{{ ansible_distribution }}.yaml"
+        - "install-base-pkgs-{{ ansible_os_family }}.yaml"
 
     - name: Allow jenkins user sudo access
-      copy:
+      ansible.builtin.copy:
         dest: /etc/sudoers.d/89-jenkins-user-defaults
         content: |
           Defaults:jenkins !requiretty
           jenkins ALL=(ALL) NOPASSWD:ALL
         validate: /usr/sbin/visudo -cf %s
-      become: yes
+        owner: root
+        group: root
+        mode: "0644"
+      become: true
 
   roles:
     - lfit.lf-recommended-tools
       # Update /etc/nss-switch.conf to map hostname with IP instead of using `localhost`
       # from /etc/hosts which is required by some of the Java API's to avoid
       # Java UnknownHostException: "Name or service not known" error.
-      replace:
+      ansible.builtin.replace:
         path: /etc/nsswitch.conf
         regexp: '^hosts:(\s+.*)?$'
         replace: 'hosts:\1 myhostname'
-        backup: yes
-      become: yes
+        backup: true
+      become: true
 
     - name: Disable periodic updates
+      when: ansible_distribution == 'Ubuntu'
+      become: true
       block:
         - name: Set all periodic update options to 0
-          replace:
+          ansible.builtin.replace:
             path: /etc/apt/apt.conf.d/10periodic
             regexp: "1"
             replace: "0"
         - name: Set all auto update options to 0
-          replace:
+          ansible.builtin.replace:
             path: /etc/apt/apt.conf.d/20auto-upgrades
             regexp: "1"
             replace: "0"
-        - name: Disable unattended upgrades
-          lineinfile:
+        - name: Disable unattended upgrades # noqa risky-file-permissions
+          ansible.builtin.lineinfile:
             path: /etc/apt/apt.conf.d/10periodic
             regexp: "^APT::Periodic::Unattended-Upgrade"
             line: 'APT::Periodic::Unattended-Upgrade "0";'
-            create: yes
+            create: true
         - name: Uninstall unattended upgrades
-          apt:
+          ansible.builtin.apt:
             name: unattended-upgrades
             state: absent
         - name: Prevent unattended upgrades from being installed
-          dpkg_selections:
+          ansible.builtin.dpkg_selections:
             name: unattended-upgrades
             selection: hold
         - name: Disable apt-daily.* systemd services
-          systemd:
-            name: "{{service}}"
-            enabled: no
-            masked: yes
+          ansible.builtin.systemd:
+            name: "{{ service }}"
+            enabled: false
+            masked: true
           with_items:
             - apt-daily.service
             - apt-daily.timer
@@ -81,9 +90,7 @@
             - apt-daily-upgrade.timer
           loop_control:
             loop_var: service
-      when: ansible_distribution == 'Ubuntu'
-      become: yes
 
     - name: System Reseal
-      script: system-reseal.sh
+      ansible.builtin.script: system-reseal.sh
       become: true
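Review bot: The sudoers drop-in written by `Allow jenkins user sudo access` is given `mode: "0644"`, which leaves the file world-readable and departs from the 0440 that sudo conventionally expects for files under `/etc/sudoers.d`; I would use `mode: "0440"` and keep the new `owner: root` / `group: root`. The `validate: /usr/sbin/visudo -cf %s` step checks the syntax of a temporary copy, so it will not catch a permissions problem on the installed file. Further down in what appears to be the same file, `Disable unattended upgrades` uses `create: true` and silences `risky-file-permissions` with `# noqa`; adding an explicit `mode: "0644"` there would fix the finding instead of hiding it.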
index fefe564..34c99ed 100644 (file)
@@ -1,25 +1,31 @@
 ---
-- import_playbook: ../common-packer/provision/baseline.yaml
+- name: Devstack Pre pip CentOS
+  import_playbook: ../common-packer/provision/baseline.yaml
 
-- hosts: all
+- name: Devstack pre-pip for CentOS
+  hosts: all
   become_user: root
-  become_method: sudo
+  become: true
+  become_method: ansible.builtin.sudo
 
   pre_tasks:
-    - include_role: name=lfit.system-update
+    - name: Pre-task system update
+      ansible.builtin.include_role:
+        name: lfit.system-update
 
   tasks:
-    - name: "Install devstack dependencies"
+    - name: "Install devstack dependencies" # noqa literal-compare
+      become: true
       block:
         - name: Install xpath dependencies
-          yum:
+          ansible.builtin.yum:
             name:
               - perl-XML-XPath
               - crudini
             state: present
           become: true
         - name: Install non-baseline requirements
-          yum:
+          ansible.builtin.yum:
             name:
               - libxml2-devel
               - libxslt-devel
               - "@development"
             state: present
           become: true
-        - name: check if net link setup exists
-          stat:
+        - name: Check if net link setup exists
+          ansible.builtin.stat:
             path: /etc/udev/rules.d/80-net-setup-link.rules
           register: rules_file_exists
-        - name: Update net link setup
-          file:
+        - name: Update net link setup # noqa literal-compare
+          ansible.builtin.file:
             src: /dev/null
             dest: /etc/udev/rules.d/80-net-setup-link.rules
             state: link
-            force: yes
+            force: true
           become: true
           when: rules_file_exists.stat.exists == true
         - name: Install RDMA (InfiniBand/iWARP/RoCE) requirements
-          yum:
+          ansible.builtin.yum:
             name:
               - libibverbs
               - libmlx5
           become: true
     - name: "Pre-Install yum and pip packages"
       block:
-        - name: Create /tmp/devstack directory
-          file:
+        - name: Create /tmp/devstack directory # noqa risky-file-permissions
+          ansible.builtin.file:
             path: /tmp/devstack
             state: directory
-            mode: 0755
+            mode: "0755"
         - name: Fetch openstack devstack-dev repo
-          git:
+          ansible.builtin.git:
             repo: https://github.com/openstack-dev/devstack.git
             dest: /tmp/devstack
             version: "{{ os_branch }}"
-        - name: "Read openstack devstack dependencies"
-          shell: "sed -e 's/#.*//' /tmp/devstack/files/rpms/general"
+        - name: "Read openstack devstack dependencies" # noqa no-changed-when
+          ansible.builtin.shell: "sed -e 's/#.*//' /tmp/devstack/files/rpms/general"
           register: sed_output
           args:
-            warn: False
+            warn: false
         - name: "Install non-baseline requirements for {{ os_branch }}"
-          yum:
+          ansible.builtin.yum: # noqa no-changed-when
             name: "{{ sed_output.stdout_lines }}"
             state: present
           become: true
-        - name: git clone openstack core projects
-          git: repo='https://github.com/openstack/{{ item }}.git'
-            dest='/tmp/devstack/{{ item }}'
-            version='{{ os_branch }}'
+        - name: Clone openstack core projects
+          ansible.builtin.git:
+            repo: "https://github.com/openstack/{{ item }}.git"
+            dest: "/tmp/devstack/{{ item }}"
+            version: "{{ os_branch }}"
           with_items:
             - requirements
             - keystone
@@ -81,8 +88,8 @@
             - neutron
             - nova
             - horizon
-        - name: Install pip dependencies
-          shell: |
+        - name: Install pip dependencies # noqa no-changed-when
+          ansible.builtin.shell: |
             cd "{{ item }}"
             git branch -a
             cd ..
             exit 0
           args:
             chdir: /tmp/devstack
-            warn: False
+            warn: false
           with_items:
             - requirements
             - keystone
     - name: "Install openvswitch from relevant openstack branch"
       block:
         - name: "Install CentOS openstack release {{ rdo_branch }}"
-          yum:
+          ansible.builtin.yum:
             name: "centos-release-openstack-{{ rdo_branch }}"
             state: present
           become: true
         - name: "Install openvswitch 2.8.2 for stable/queens"
-          yum:
+          ansible.builtin.yum:
             name: openvswitch-2.8.2-1.el7
             state: present
-            disable_gpg_check: yes
+            disable_gpg_check: true
           when: rdo_branch == 'queens'
           become: true
         - name: "Install openvswitch latest for stable/rocky"
-          yum:
+          ansible.builtin.yum:
             name: openvswitch
             state: present
-            disable_gpg_check: yes
+            disable_gpg_check: true
           when: rdo_branch == 'rocky'
           become: true
 
     # Workaround for git deps conflict on rocky
     - name: Swap to git
+      become: true
       block:
         - name: Gather rpm package facts
-          package_facts:
+          ansible.builtin.package_facts:
             manager: auto
-        - name: Replace git2u with git
-          command: yum replace -y git2u --replace-with git
+        - name: Replace git2u with git # noqa no-changed-when command-instead-of-module
+          ansible.builtin.command: yum replace -y git2u --replace-with git
           when: ansible_facts.packages['git2u'] is defined
-      become: true
 
     - name: "Cleanup devstack directory"
       block:
         - name: "Removing /tmp/devstack"
-          file:
+          ansible.builtin.file:
             path: /tmp/devstack
             state: absent
           become: true
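Review bot: The two `ansible.builtin.shell` tasks in this section (`Read openstack devstack dependencies` and `Install pip dependencies`) still pass `warn: false` under `args`, and the `warn` option was removed from the command and shell modules in ansible-core 2.14, so on the Ansible 9.2.x this commit targets they should fail with an unsupported-parameter error. Deleting the `args: warn:` lines is enough; the same leftover appears in the RedHat base-packages section on `Enable pki-core`, `Enable pki-deps` and `Replace git with git236`. Separately, both openvswitch installs keep `disable_gpg_check: true`, so those packages are installed as root without signature verification; importing the repository key and dropping the flag would be safer if the RDO repository provides one. `Update net link setup` also still reads `when: rules_file_exists.stat.exists == true` behind a `# noqa literal-compare`, whereas the devstack playbook fixes the comparison itself.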
index 811a49d..a9a77d7 100644 (file)
@@ -1,18 +1,24 @@
 ---
-- import_playbook: ../common-packer/provision/baseline.yaml
+- name: Import baseline
+  import_playbook: ../common-packer/provision/baseline.yaml
 
-- hosts: all
+- name: Devstack
+  hosts: all
   become_user: root
-  become_method: sudo
+  become: true
+  become_method: ansible.builtin.sudo
 
   pre_tasks:
-    - include_role: name=lfit.system-update
+    - name: Pre-task system update
+      ansible.builtin.include_role:
+        name: lfit.system-update
 
   tasks:
     - name: "Install devstack dependencies"
+      become: true
       block:
         - name: Install xpath dependencies (CentOS/RedHat)
-          yum:
+          ansible.builtin.yum:
             name:
               - perl-XML-XPath
               - crudini
@@ -20,7 +26,7 @@
           become: true
           when: ansible_os_family == 'RedHat'
         - name: Install xpath dependencies (Ubuntu/Debian)
-          apt:
+          ansible.builtin.apt:
             name:
               - libxml-xpath-perl
               - crudini
@@ -28,7 +34,7 @@
           become: true
           when: ansible_os_family == 'Debian'
         - name: Installing non-baseline requirements (CentOS/RedHat)
-          yum:
+          ansible.builtin.yum:
             name:
               - libxml2-devel
               - libxslt-devel
@@ -39,7 +45,7 @@
           become: true
           when: ansible_os_family == 'RedHat'
         - name: Installing non-baseline requirements (Ubuntu/Debian)
-          apt:
+          ansible.builtin.apt:
             name:
               - libxml2-dev
               - libxslt-dev
             state: present
           become: true
           when: ansible_os_family == 'Debian'
-        - name: check if net link setup exists
-          stat:
+        - name: Check if net link setup exists
+          ansible.builtin.stat:
             path: /etc/udev/rules.d/80-net-setup-link.rules
           register: rules_file_exists
-        - name: Update net link setup
-          file:
+        - name: Update net link setup # noqa literal-compare
+          ansible.builtin.file:
             src: /dev/null
             dest: /etc/udev/rules.d/80-net-setup-link.rules
             state: link
-            force: yes
+            force: true
           become: true
-          when: rules_file_exists.stat.exists == true
+          when: rules_file_exists.stat.exists
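Review bot: The `# noqa literal-compare` added to `Update net link setup` is stale in this file, because the same change rewrites the condition to `when: rules_file_exists.stat.exists` and leaves no literal comparison to suppress; the comment can be dropped. Keeping unused suppressions makes it harder to see which lint findings are really being waived. The play now sets `become: true` at play, block and task level, so the task-level copies are redundant once the play escalates; that also means `lfit.system-update` in `pre_tasks` now runs escalated, which looks intended but is a behaviour change worth naming in the commit message.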
index 39a7206..951ac21 100644 (file)
@@ -1,17 +1,22 @@
 ---
-- import_playbook: baseline.yaml
+- name: Import baseline
+  import_playbook: baseline.yaml
 
-- hosts: all
+- name: Docker
+  hosts: all
   become_user: root
-  become_method: sudo
+  become: true
+  become_method: ansible.builtin.sudo
 
   pre_tasks:
-    - include_role: name=lfit.system-update
+    - name: Pre-tasks system update
+      ansible.builtin.include_role:
+        name: lfit.system-update
 
   roles:
     - { role: lfit.docker-install, mtu: 1458 }
 
   post_tasks:
     - name: System Reseal
-      script: system-reseal.sh
+      ansible.builtin.script: system-reseal.sh
       become: true
index eb54182..f02ed4d 100644 (file)
@@ -1,12 +1,12 @@
 ---
 - name: Add IUS repository to /etc/yum.repos.d/
-  yum_repository:
+  ansible.builtin.yum_repository:
     name: ius
     description: IUS Community Packages for Enterprise Linux
     baseurl: https://repo.ius.io/{{ ansible_distribution_major_version|lower }}/$basearch/
     gpgkey: https://repo.ius.io/RPM-GPG-KEY-IUS-{{ ansible_distribution_major_version|lower }}
-    enabled: "yes"
-    gpgcheck: "yes"
+    enabled: "true"
+    gpgcheck: "true"
     state: present
     includepkgs:
       - git2*
 # and enable the correct repo.
 # Ref: https://wiki.centos.org/Manuals/ReleaseNotes/CentOS8.2011#Yum_repo_file_and_repoid_changes
 - name: Enable PowerTools repository for CentOS 8.{0,2,3}
+  when:
+    - ansible_facts.distribution_major_version|int >= 8
   block:
     - name: Check the file name in path '/etc/yum.repos.d/' for CentOS 8.{2.2004} or earlier versions
-      shell: grep -lE "^\[PowerTools\]" /etc/yum.repos.d/*.repo
+      ansible.builtin.shell: grep -lE "^\[PowerTools\]" /etc/yum.repos.d/*.repo
       register: repofile
       changed_when: false
       failed_when: false
-      check_mode: no
+      check_mode: false
 
     - name: Enable 'PowerTools' repo for CentOS 8.{2.2004} or earlier versions if the file exist
-      ini_file:
+      community.general.ini_file:
         path: "{{ repofile.stdout }}"
         section: "PowerTools"
         option: enabled
       become: true
 
     - name: Check the file name in path '/etc/yum.repos.d/' for CentOS 8.{3.2011} or later versions
-      shell: grep -lE "^\[powertools\]" /etc/yum.repos.d/*.repo
+      ansible.builtin.shell: grep -lE "^\[powertools\]" /etc/yum.repos.d/*.repo
       register: repofile
       changed_when: false
       failed_when: false
-      check_mode: no
+      check_mode: false
 
     - name: Enable 'powertools' repo for CentOS 8.{3.2011} or later versions if the file exist
-      ini_file:
+      community.general.ini_file:
         path: "{{ repofile.stdout }}"
         section: "powertools"
         option: enabled
         no_extra_spaces: true
       when: repofile.rc == 0
       become: true
-  when:
-    - ansible_facts.distribution_major_version|int >= 8
 
 - name: "Download the RPM GPG KEY for EPEL - {{ ansible_distribution_major_version }}"
-  get_url:
+  ansible.builtin.get_url:
     url: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}
     dest: /tmp/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}
-    mode: 0600
+    mode: "0644"
   become: true
   when:
     - ansible_os_family == 'RedHat' and ansible_facts['distribution_major_version'] is version('8', '>=')
 
 - name: Import RPM GPG KEY into the DB
-  rpm_key:
+  ansible.builtin.rpm_key:
     key: /tmp/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}
     state: present
   become: true
@@ -76,7 +76,7 @@
     - ansible_os_family == 'RedHat' and ansible_facts['distribution_major_version'] is version('8', '>=')
 
 - name: Install base packages
-  yum:
+  ansible.builtin.yum:
     name:
       - "@base"
       - "@development"
 - name: Enable CentOS stream 8 dependent modules
   block:
     - name: Enable pki-core
-      command:
+      ansible.builtin.command:
         cmd: dnf module enable pki-core -y
-        warn: no
+        warn: false
       become: true
     - name: Enable pki-deps
-      command:
+      ansible.builtin.command:
         cmd: dnf module enable pki-deps -y
-        warn: no
+        warn: false
       become: true
   when: ansible_os_family == 'RedHat' and ansible_facts['distribution_major_version'] is version('8', '>=')
 
 - name: Install sigul client for EL 7
-  yum:
+  ansible.builtin.yum:
     name:
       - https://kojipkgs.fedoraproject.org/repos-dist/epel7-infra/latest/x86_64/Packages/s/sigul-0.207-1.el7.x86_64.rpm
     state: latest
     - ansible_facts['distribution_major_version'] is version('8', '<')
 
 - name: "Download the RPM GPG KEY for CentOS 8 Sigul"
-  get_url:
+  ansible.builtin.get_url:
     url: https://infrastructure.fedoraproject.org/repo/infra/RPM-GPG-KEY-INFRA-TAGS
     dest: /tmp/RPM-GPG-KEY-INFRA-TAGS
-    mode: 0600
+    mode: "0644"
   become: true
   when:
     - ansible_os_family == 'RedHat' and ansible_facts['distribution_major_version'] is version('8', '>=')
 
 - name: Import RPM GPG KEY into the DB for Sigul on CentOS 8
-  rpm_key:
+  ansible.builtin.rpm_key:
     key: /tmp/RPM-GPG-KEY-INFRA-TAGS
     state: present
   become: true
     - ansible_os_family == 'RedHat' and ansible_facts['distribution_major_version'] is version('8', '>=')
 
 - name: Install sigul client for EL 8 (Streams)
-  yum:
+  ansible.builtin.yum:
     name:
       - https://kojipkgs.fedoraproject.org/repos-dist/epel8-infra/latest/x86_64/Packages/s/sigul-1.1-1.el8.infra.x86_64.rpm
     state: latest
 - name: Swap to git236
   block:
     - name: Install yum-plugin-replace
-      yum:
+      ansible.builtin.yum:
         name: yum-plugin-replace
         state: present
         update_cache: true
       package_facts:
         manager: auto
     - name: Replace git with git236
-      command: yum replace -y git --replace-with git236
+      ansible.builtin.command: yum replace -y git --replace-with git236
       args:
         warn: false
       when: ansible_facts.packages['git'] is defined
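Review bot: Both `ansible.builtin.get_url` tasks that fetch RPM signing keys change `mode` from 0600 to `"0644"`, which is a behaviour change rather than a lint fix and is not mentioned in the commit message; it is harmless for public keys but should be stated. More importantly, the keys are written to fixed names under `/tmp` and then trusted by `ansible.builtin.rpm_key` with no integrity check beyond HTTPS. Adding `fingerprint: "<EXPECTED_KEY_FINGERPRINT>"` (placeholder) to each `rpm_key` task would pin which key may enter the RPM database. The `package_facts:` task in the `Swap to git236` block also appears to have been missed by the FQCN pass, and `enabled: "true"` / `gpgcheck: "true"` could be plain booleans.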
index 592568b..52587db 100644 (file)
@@ -1,6 +1,6 @@
 ---
 - name: Install base packages
-  apt:
+  ansible.builtin.apt:
     name:
       - build-essential
       - devscripts
@@ -8,4 +8,4 @@
       - equivs
       - gdebi
     state: latest
-  become: yes
+  become: true
index ddfe3a9..20e326a 100644 (file)
@@ -1,2 +1,3 @@
 ---
-- import_playbook: ../common-packer/provision/baseline.yaml
+- name: Local baseline
+  import_playbook: ../common-packer/provision/baseline.yaml
index b7518c2..151ffa7 100644 (file)
@@ -1,2 +1,3 @@
 ---
-- import_playbook: ../common-packer/provision/docker.yaml
+- name: Local docker builder
+  import_playbook: ../common-packer/provision/docker.yaml
index 66bef3f..c459648 100644 (file)
@@ -1,2 +1,3 @@
 ---
-- import_playbook: ../common-packer/provision/windows-builder.yaml
+- name: Local windows builder
+  import_playbook: ../common-packer/provision/windows-builder.yaml
index 55e1a1f..c08272f 100644 (file)
@@ -1,10 +1,11 @@
 ---
-- hosts: all
+- name: Windows builder
+  hosts: all
 
   tasks:
     - name: Install Tools
-      win_chocolatey:
-        name: "{{item}}"
+      chocolatey.chocolatey.win_chocolatey:
+        name: "{{ item }}"
         state: present
       with_items:
         - cmake
         - zulu8
 
     - name: Install OpenSSH
-      win_chocolatey:
+      chocolatey.chocolatey.win_chocolatey:
         name: openssh
         state: present
         params: /SSHAgentFeature
 
     - name: Install CMake
-      win_chocolatey:
+      chocolatey.chocolatey.win_chocolatey:
         name: cmake
         state: present
         install_args: ADD_CMAKE_TO_PATH=System
 
     - name: Install Visual Studio Community Edition
-      win_chocolatey:
-        name: "{{item}}"
+      chocolatey.chocolatey.win_chocolatey:
+        name: "{{ item }}"
       with_items:
         - visualstudio2017community
         - visualstudio2017-workload-nativedesktop
     - name: Build and Install zlib
       block:
         - name: Ensure C:\temp exists
-          win_file:
+          ansible.windows.win_file:
             path: C:\temp
             state: directory
         - name: Download zlib
-          win_get_url:
+          ansible.windows.win_get_url:
             url: https://zlib.net/zlib1211.zip
             dest: C:\temp\zlib.zip
         - name: Unzip zlib
-          win_unzip:
+          ansible.windows.win_unzip:
             src: C:\temp\zlib.zip
             dest: C:\temp
         - name: CMake
-          win_command: >
+          ansible.windows.win_command: >
             "C:\Program Files\CMake\Bin\cmake"
             -DCMAKE_INSTALL_PREFIX=C:\lib\zlib
             -G "Visual Studio 15 Win64"
           args:
             chdir: C:\temp\zlib-1.2.11
-        - name: msbuild
-          win_command: >
+        - name: Check msbuild
+          ansible.windows.win_command: >
             "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\msbuild"
             zlib.sln
           args:
             chdir: C:\temp\zlib-1.2.11
-        - name: msbuild install
-          win_command: >
+        - name: Install msbuild
+          ansible.windows.win_command: >
             "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\msbuild"
             INSTALL.vcxproj
           args:
             chdir: C:\temp\zlib-1.2.11
         - name: Cleanup
-          win_file:
+          ansible.windows.win_file:
             path: C:\temp
             state: absent
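Review bot: `Download zlib` fetches `https://zlib.net/zlib1211.zip` with `ansible.windows.win_get_url` and the archive is then unpacked, built and installed into the image with no integrity check, so whatever the server returns at build time ends up in every builder. The module accepts `checksum` and `checksum_algorithm`; adding `checksum: "<SHA256_OF_zlib1211.zip>"` (placeholder) with `checksum_algorithm: sha256` would pin the artifact. The renamed tasks are also misleading: `Check msbuild` actually builds `zlib.sln` and `Install msbuild` installs zlib via `INSTALL.vcxproj`, so names such as `Build zlib with msbuild` and `Install zlib with msbuild` would describe them correctly. Since this file is listed in `.ansible-lint-ignore`, none of this will be flagged by the new lint environment.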
diff --git a/tox.ini b/tox.ini
index d21c3e3..bdfff20 100644 (file)
--- a/tox.ini
+++ b/tox.ini
@@ -3,7 +3,8 @@ minversion = 1.6
 envlist =
     docs,
     docs-linkcheck,
-    pre-commit
+    pre-commit,
+    lint
 skipsdist = true
 
 [testenv:docs]
@@ -49,3 +50,15 @@ commands =
 basepython = python3
 deps = -rdocs/requirements.txt
 commands = reno {posargs:--help}
+
+[testenv:lint]
+basepython = python310
+deps =
+    ansible-lint
+    yamllint
+commands =
+    /bin/bash -c "ansible-lint --exclude meta provision/*.yaml"
+    yamllint .
+allowlist_externals =
+    /bin/bash
+    yamllint
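Review bot: The new `[testenv:lint]` installs `ansible-lint` and `yamllint` with no version constraint, so the lint gate runs whatever release is current that day and can change its verdict, or pull a different Ansible, without any change to this repository. Since the commit is explicitly about Ansible 9.2.x, I would pin the tools, for example `ansible-lint==<PINNED_VERSION>` and `yamllint==<PINNED_VERSION>` (placeholders), or install from a constraints file. `yamllint` is also listed under `allowlist_externals` although `deps` already installs it into the environment, so that entry looks unnecessary. `basepython = python310` is worth checking against the tox version in use, since older tox releases treat the value as an interpreter name and would expect `python3.10`.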