The pastebinit command-line tool hard-codes an allowed list of
pastebin URLs, one of which is "http://paste.openstack.org" so
redirecting to HTTPS and to other hostnames seems to break it.
It has a specific user-agent, so allow plain HTTP access for this
tool, but redirect others.
It is buggy (throwing exceptions for undefined variables which are
actually defined via set_fact), and we frequently run into problems
using it in this repo. It was designed to lint roles for Galaxy,
not the way we write ansible. As of the 5.0.0 release it's
generating >4.5K lines of complaints about files in this repository.
This runs selenium from a container on a node, and exposes port 4444
so you can issue commands to it. This is used in the follow-on
I56cda99790d3c172e10b664e57abeca10efc5566 to take some screenshots of
As described inline, installing ansible from source now installs the
"ansible-core" package, instead of "ansible-base". Since they can't
live together nicely, we have to do a manual override for the devel
The testinfra project was moved and renamed at the same time. Only
the package name was renamed, the module installed is still the same
testinfra and there are no known side effects.
We have several tox environments that don't really share the same
dependencies. Currently we put everything into test-requirements.txt,
meaning the linter environment gets testinfra and testinfra
environment gets things like ansible-lint it's not using.
Apart from being a bit faster not installing things, this is helpful
for restoring the ansible -devel test. In that case, we have ansible
as a project dependency; when installing from git, ansible now
installs itself as "ansible-base" ("ansible" is the released pypi
package that incorporates collections). So if we install ansible-lint
in the testinfra environment, this pulls in ansible ... and then it
breaks when tox wants to install our Zuul clone of upstream ansible
(you can't have ansible and ansible-base together).
Make inventory/service for service-specific things, including the
groups.yaml group definitions, and inventory/base for hostvars
related to the base system, including the list of hosts.
Move the existing host_vars into inventory/service, since most of
them are likely service-specific. Move group_vars/all.yaml into
base/group_vars as almost all of it is related to base things,
with the exception of the gerrit public key.
A followup patch will move host-specific values into equivalent
files in inventory/base.
This should let us override hostvars in gate jobs. It should also
allow us to do better file matchers - and to be able to organize
our playbooks move if we want to.
Create a zuul_data fixture for testinfra.
The fixture directly loads the inventory from the inventory YAML file
written out. This lets you get easy access to the IP addresses of the
We pass in the "zuul" variable by writing it out to a YAML file on
disk, and then passing an environment variable to this. This is
useful for things like determining which job is running. Additional
arbitrary data could be added to this if required.
ansible-lint's ability to find ansible files is less than
good. Go back to find - but leave the config in the .ansible-lint
file since that does clean up the command invocation.
While we're there - turn off quiet - let's be loud.
This will give us a nice link to the goaccess reports on the zuul
dashboard build pages.
Move ansible-lint config into config file
As of 4.2.0 we can configure ansible-lint with a config file. It's
also apparently now smart enough to only find ansible yaml. Let's
see how that goes.
Add a fake zuul_return module
This should let us fake out ansible-lint without having to install
all of zuul.
This has got me a number of times; I think we can tell in review if a
task firing in response to a "changed" is best in a handler or not.
Remove existing noqa flags
This runs openstack/inventory.yaml through a basic syntax check. This
would have caught a typo such as in
In a follow-on change (I9bf74df351e056791ed817180436617048224d2c) I
want to use #noqa to ignore an ansible-lint rule on a task; however
empirical testing shows that it doesn't work with 3.5.1. Upgrading to
4.1.0 it seems whatever was wrong has been fixed.
This, however, requires upgrading to 4.1.0.
I've been through the errors ... the comments inline I think justify
what has been turned off. The two legitimate variable space issues I
have rolled into this change; all other hits were false positives as
Add an option to run a playbook (in the fake bridge context) after
running the base playbook. Use this to run a new playbook which
exercises gitea project creation after bootstrapping the gitea
Disable ansible-lint 304 because it erroneously thinks shell and
command are the same thing.
It's designed to always be used from the latest version.
This trips an ansible lint rule (ANSIBLE0010) which we can ignore, as
we often have pip things that we want to install the latest release
This mocks out enough of the Ansible inventory framework so we can
test the group matching against a range of corner cases as present in
the results.yaml file.
Add a job which runs testinfra for the eavesdrop server. When we
have a per-hostgroup playbook, we will add it to this job too.
The puppet group is removed from the run-base job because the
groups.yaml file is now used to construct groups (as it does
in production) and will construct the group correctly.
The testinfra iptables module may throw an error if it's run
multiple times simultaneously on the same host. To avoid this,
stop using parallel execution.
This adds a job which creates a bridge-like node and bootstraps it,
and then runs the base playbook against all of the node types we
use in our control plane. It uses testinfra to validate the results.
With the dependent change, zuul-sphinx will raise a warning when the
autoroles matcher finds a role without a README.rst. Since we
error-on-warnings this will stop the docs build. Thus we don't need
this explicit linters check.
Move the exim role to be a "generic" role in the top-level roles/
directory, making it available for use as a Zuul role.
Update the linters jobs to look for roles in the top level
Update the Role documentation to explain what the split in roles is
These role docs aren't exactly War and Peace, but I think longer term
as we fiddle about making things generic or not and moving them
around, we'll be better off having kept ourselves to writing
Add terse README.rst files for all existing roles, and add simple
linter check to ensure new roles get them too.
Currently we're building docs with python 2. It works fine with
python3, so move the basepython override up to the top level so we're
ansible-lint 3.4.22 seems to have introduced a change in behaviour
in how it parses the excludes (-x) back in March. However, it
seems that the new release never got pushed to PyPI until now.
This has resulted in the linting jobs failing, so switching the
format to be the new one instead of pinning to an older release.
This fixes the issues we have with our rename_repos.yaml file. We are
also skipping additional failures for now, which will be cleaned up in
a follow up patch.
Signed-off-by: Paul Belanger <firstname.lastname@example.org>
Merge the currently not used modulesenv target into the linters
target so that we test that modules are sorted properly which is
some kind of lint. There's no need to run an extra VM just
for checking the sorting, so include it here.
Exclude .eggs directory from testing.
The run-pep8 script now calls "python setup.py sdist" and that
one creates an .eggs directory that should not be tested.
Manage nodepool configurations using the common-ci solution
Remove nodepool.yaml.erb from this repo as openstackci::nodepool
will pull it in from project-config/nodepool/nodepool.yaml
Remove the tox nodepool environment and test dependency as it
has been migrated to project-config
The nodepool logging template file and associated tool that generates the file
will remain in this repo. In the short term, updates to nodepool.yaml in
project-config repo may require a related change in this repo to update the logging
configuration. In the longer term, nodepool will be updated to automatically
log image creations without needing a customized logging configuration.
Add validation test for the nodepool configuration. We get nodepool
directly from git so we can always handle the latest syntax changes
Fix all of the bashate failures. Also, bashate will install its negative
tests in its virtualenv, so we need to generate a list of files to pass to
bashate that excludes .tox/
Commit number 3fa3be7ede initially
added the upstream testenv, but it was merged to the 'projects'
testenv a long time ago, which is now obsolete because of the
split to project-config.
Since the split to project-config, there is no longer a need to
run 'tox' for projects_alphabetized, since those resources no
longer exist. Also removing the shell scripts that were running
Add bashate to test-requirements.txt, add a tox env for bashate, and start
running it on config. Also convert devstack to run bashate via tox rather than
via run_tests.sh (the needed tox.ini changes to devstack have already merged).