From 81d385b2ba3d29c3c6958d2af197186f97c519c4 Mon Sep 17 00:00:00 2001 From: Dan Mick Date: Sat, 1 Apr 2023 13:04:54 -0700 Subject: [PATCH 01/26] tools/checkcerts.py: apparently SSLError is also possible, catch Signed-off-by: Dan Mick
---
 tools/checkcerts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/checkcerts.py b/tools/checkcerts.py
index 901be363..e9de5790 100755
--- a/tools/checkcerts.py
+++ b/tools/checkcerts.py
@@ -89,7 +89,7 @@ def main():
 with socket.create_connection((domain, 443)) as sock:
 with context.wrap_socket(sock, server_hostname=domain) as ssock:
 cert = ssock.getpeercert()
- except ssl.CertificateError as e:
+ except (ssl.CertificateError, ssl.SSLError) as e:
 print(f'{domain} cert error: {e}', file=sys.stderr)
 continue
 expire = datetime.datetime.strptime(cert['notAfter'],
From 6cb7fe05d0b36b8955e8ca5fd1a2f40c6962ca94 Mon Sep 17 00:00:00 2001 From: Ken Dreyer Date: Wed, 12 Apr 2023 14:55:02 -0400 Subject: [PATCH 02/26] common: use EPEL metalink Some mirrors are stale (https://pagure.io/fedora-infrastructure/issue/11233) Use MirrorManager's metalink application so we always get up-to-date mirrors. MirrorManager will also return the list of mirror that carry each architecture (x86_64, aarch64, etc) so we will not need to manage that information ourselves here.
---
 roles/common/defaults/main.yml | 4 ++-- roles/common/tasks/epel.yml | 11 ----------- roles/common/templates/epel-mirrorlist | 9 --------- roles/common/templates/epel-testing-mirrorlist | 9 --------- 4 files changed, 2 insertions(+), 31 deletions(-) delete mode 100644 roles/common/templates/epel-mirrorlist delete mode 100644 roles/common/templates/epel-testing-mirrorlist
diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml
index a1d90e86..f42e09da 100644
--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
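Review bot: In tools/checkcerts.py main(), the widened `except (ssl.CertificateError, ssl.SSLError)` still lets an ordinary connection failure from `socket.create_connection((domain, 443))` (DNS error, refused connection, timeout) propagate, which would end the loop and leave the remaining domains unchecked. `ssl.SSLError` is a subclass of `OSError`, and since Python 3.7 `ssl.CertificateError` is a subclass of `ssl.SSLError`, so `except OSError as e:` covers all of these in one clause. The connect call also passes no timeout, so unless a default is set outside this hunk an unresponsive host can stall the run; `socket.create_connection((domain, 443), timeout=10)` would bound it (10 is a constructed value). main() starts and ends outside the hunk.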
@@ -17,13 +17,13 @@ epel_mirror_baseurl: "http://dl.fedoraproject.org/pub/epel" epel_repos: epel: name: "Extra Packages for Enterprise Linux" - mirrorlist: file:///etc/yum.repos.d/epel-mirrorlist + metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir" # ternary requires ansible >= 1.9 enabled: "{{ enable_epel | ternary(1, 0) }}" gpgcheck: 0 epel-testing: name: "Extra Packages for Enterprise Linux - Testing" - mirrorlist: file:///etc/yum.repos.d/epel-testing-mirrorlist + metalink: "https://mirrors.fedoraproject.org/metalink?repo=testing-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir" enabled: 0 gpgcheck: 0 diff --git a/roles/common/tasks/epel.yml b/roles/common/tasks/epel.yml index f3befb8d..9b5f5dd9 100644 --- a/roles/common/tasks/epel.yml +++ b/roles/common/tasks/epel.yml @@ -16,17 +16,6 @@ register: epel_repo with_dict: "{{ epel_repos }}" -- name: Configure local epel mirrorlists - template: - src: '{{ item }}' - dest: '/etc/yum.repos.d/{{ item }}' - owner: root - group: root - mode: 0644 - with_items: - - epel-mirrorlist - - epel-testing-mirrorlist - - name: Clean yum cache shell: yum clean all when: epel_repo is defined and epel_repo is changed diff --git a/roles/common/templates/epel-mirrorlist b/roles/common/templates/epel-mirrorlist deleted file mode 100644 index a4c4b0b9..00000000 --- a/roles/common/templates/epel-mirrorlist +++ /dev/null 
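Review bot: Both EPEL entries in roles/common/defaults/main.yml keep `gpgcheck: 0` after the move to metalink, so RPM signatures are still not verified on install. The HTTPS metalink protects the repository metadata checksums, but signature checking is the control that still holds if a mirror or the metadata path is tampered with. Consider `gpgcheck: 1` together with a `gpgkey:` entry for the EPEL key of the release (`gpgkey: file:///etc/pki/rpm-gpg/<EPEL-KEY-FILE>`, placeholder path), assuming the repo template passes that key through; the template is not shown here. The later hunk on the same lines in PATCH 03/26 carries the setting over unchanged.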
@@ -1,9 +0,0 @@ -# {{ ansible_managed }} - -# local yum mirrorlist for epel-{{ ansible_distribution_major_version }} -http://download-ib01.fedoraproject.org/pub/epel/{{ ansible_distribution_major_version }}/{% if ansible_distribution_major_version|int >= 8 %}Everything/{% endif %}$basearch -http://download-cc-rdu01.fedoraproject.org/pub/epel/{{ ansible_distribution_major_version }}/{% if ansible_distribution_major_version|int >= 8 %}Everything/{% endif %}$basearch -http://mirrors.cat.pdx.edu/epel/{{ ansible_distribution_major_version }}/{% if ansible_distribution_major_version|int >= 8 %}Everything/{% endif %}$basearch -http://mirror.pnl.gov/epel/{{ ansible_distribution_major_version }}/{% if ansible_distribution_major_version|int >= 8 %}Everything/{% endif %}$basearch -http://ftp.linux.ncsu.edu/pub/epel/{{ ansible_distribution_major_version }}/{% if ansible_distribution_major_version|int >= 8 %}Everything/{% endif %}$basearch -http://mirror.oss.ou.edu/epel/{{ ansible_distribution_major_version }}/{% if ansible_distribution_major_version|int >= 8 %}Everything/{% endif %}$basearch diff --git a/roles/common/templates/epel-testing-mirrorlist b/roles/common/templates/epel-testing-mirrorlist deleted file mode 100644 index 2e2f519d..00000000 --- a/roles/common/templates/epel-testing-mirrorlist +++ /dev/null 
@@ -1,9 +0,0 @@ -# {{ ansible_managed }} - -# local yum mirrorlist for epel-testing-{{ ansible_distribution_major_version }} -http://download-ib01.fedoraproject.org/pub/epel/testing/{{ ansible_distribution_major_version }}/{% if ansible_distribution_major_version|int >= 8 %}Everything/{% endif %}$basearch -http://download-cc-rdu01.fedoraproject.org/pub/epel/testing/{{ ansible_distribution_major_version }}/{% if ansible_distribution_major_version|int >= 8 %}Everything/{% endif %}$basearch -http://mirrors.cat.pdx.edu/epel/testing/{{ ansible_distribution_major_version }}/{% if ansible_distribution_major_version|int >= 8 %}Everything/{% endif %}$basearch -http://mirror.pnl.gov/epel/testing/{{ ansible_distribution_major_version }}/{% if ansible_distribution_major_version|int >= 8 %}Everything/{% endif %}$basearch -http://fedora-epel.mirror.lstn.net/testing/{{ ansible_distribution_major_version }}/{% if ansible_distribution_major_version|int >= 8 %}Everything/{% endif %}$basearch -http://mirror.oss.ou.edu/epel/testing/{{ ansible_distribution_major_version }}/{% if ansible_distribution_major_version|int >= 8 %}Everything/{% endif %}$basearch From b911af839d08754ce8c963199140119d39ce0110 Mon Sep 17 00:00:00 2001 
From: Ken Dreyer Date: Mon, 17 Apr 2023 15:28:22 -0400 Subject: [PATCH 03/26] common: use ansible_distribution_major_version in epel repos RHEL systems use roles/common/tasks/rhel-entitlements.yml, and this sets Yum's $releasever to a specific RHEL minor release (eg. 8.4 or 8.6). As a result. Fedora's MirrorManager does not return any EPEL repositories for these minor RHEL versions. We set a static $releasever in rhel-entitlements.yml so that we pin to old RHEL RPM content in our old RHEL nodes. We probably need to re-think this strategy since our CentOS Stream nodes do not (cannot) do this, and Red Hat does not really support pinning to old versions without an EUS subscription. Rather than untangling all that and removing our $releasever manipulation altogether, this commit simply hard-codes ansible_distribution_major_version ("8", "9", etc) into the EPEL .repo files, ignoring $releasever for EPEL. A longer-term fix would be to stop mangling $releasever on RHEL. --- roles/common/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml index f42e09da..6384886f 100644 --- a/roles/common/defaults/main.yml +++ b/roles/common/defaults/main.yml 
@@ -17,13 +17,13 @@ epel_mirror_baseurl: "http://dl.fedoraproject.org/pub/epel" epel_repos: epel: name: "Extra Packages for Enterprise Linux" - metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir" + metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-{{ ansible_distribution_major_version }}&arch=$basearch&infra=$infra&content=$contentdir" # ternary requires ansible >= 1.9 enabled: "{{ enable_epel | ternary(1, 0) }}" gpgcheck: 0 epel-testing: name: "Extra Packages for Enterprise Linux - Testing" - metalink: "https://mirrors.fedoraproject.org/metalink?repo=testing-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir" + metalink: "https://mirrors.fedoraproject.org/metalink?repo=testing-epel{{ ansible_distribution_major_version }}&arch=$basearch&infra=$infra&content=$contentdir" enabled: 0 gpgcheck: 0 From f24ce4a7697c47066b2b29d189b13f497a843e8c Mon Sep 17 00:00:00 2001 From: Ken Dreyer Date: Mon, 17 Apr 2023 16:56:40 -0400 Subject: [PATCH 04/26] common: remove RHEL beta handling Now that mainly care about containers and we test against CentOS Stream, there's almost no value in testing Ceph with RHEL Beta content. The rhel-entitlements.yml playbook is very complicated, and dropping this feature will make it easier to simply and refactor further. --- roles/common/README.rst | 2 -- roles/common/defaults/main.yml | 7 ------ roles/common/tasks/beta_repos.yml | 15 ------------- roles/common/tasks/rhel-entitlements.yml | 28 ++---------------------- roles/common/tasks/yum_systems.yml | 1 - 5 files changed, 2 insertions(+), 51 deletions(-) delete mode 100644 roles/common/tasks/beta_repos.yml diff --git a/roles/common/README.rst b/roles/common/README.rst index 245438e5..4646df1f 100644 --- a/roles/common/README.rst +++ b/roles/common/README.rst 
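Review bot: The metalink values in roles/common/defaults/main.yml now embed `{{ ansible_distribution_major_version }}` where the previous patch used `$releasever`, and only the commit message records why. A comment above `epel_repos:` would keep someone from reverting it, for example `# rhel-entitlements.yml pins $releasever to a RHEL minor release, for which MirrorManager returns no EPEL repo; use the major version here`.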
@@ -49,8 +49,6 @@ your own local epel mirror. ``enable_epel`` is a boolean that sets whether epel repos should be enabled. Defined in ``roles/common/defaults/main.yml``. -``beta_repos`` is a dict of internal Red Hat beta repos used to create repo files in /etc/yum.repos.d. We have these defined in the secrets repo. See ``epel_repos`` for dict syntax. - ``yum_timeout`` is an integer used to set the yum timeout. Defined in ``roles/common/defaults/main.yml``. diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml index 6384886f..c29513ed 100644 --- a/roles/common/defaults/main.yml +++ b/roles/common/defaults/main.yml @@ -27,13 +27,6 @@ epel_repos: enabled: 0 gpgcheck: 0 -# Override in secrets repo -beta_repos: {} - -# Default to false. A task in roles/common/tasks/yum_systems.yml -# will set this to true if lsb_release indicates the distro is an Alpha/Beta release -beta_distro: false - enable_epel: true yum_timeout: 300 diff --git a/roles/common/tasks/beta_repos.yml b/roles/common/tasks/beta_repos.yml deleted file mode 100644 index fec85741..00000000 --- a/roles/common/tasks/beta_repos.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: Configure internal beta repos in /etc/yum.repos.d/ - template: - src: yum_repo.j2 - dest: /etc/yum.repos.d/{{ item.key }}.repo - owner: root - group: root - mode: 0644 - register: beta_repo - with_dict: "{{ beta_repos }}" - no_log: true - -- name: Clean yum cache - shell: yum clean all - when: beta_repo is defined and beta_repo is changed diff --git a/roles/common/tasks/rhel-entitlements.yml b/roles/common/tasks/rhel-entitlements.yml index 148690d5..bfeb2267 100644 --- a/roles/common/tasks/rhel-entitlements.yml +++ b/roles/common/tasks/rhel-entitlements.yml @@ -120,7 +120,6 @@ delay: 10 failed_when: - entitled.rc != 0 - - '"Beta" not in ansible_lsb.description' - name: Set rhsm_registered if we just registered set_fact: 
@@ -137,29 +136,6 @@ changed_when: false failed_when: - rhsm_release_list.rc != 0 - - ansible_lsb.description is defined - - '"Beta" not in ansible_lsb.description' - -# We don't need to be registered to CDN since there's no packages available -# for this Beta/Alpha/RC installation -- name: Unregister Beta/Alpha/RC system with subscription-manager - command: subscription-manager unregister - when: ansible_distribution_version not in rhsm_release_list.stdout_lines - register: unregistered_beta_distro - until: unregistered_beta_distro is success - retries: 5 - delay: 10 - -# Setting rhsm_registered back to false allows the rest of the playbook -# (except beta_repos.yml) to be skipped -- name: Set rhsm_registered to false if Beta/Alpha/RC release - set_fact: - rhsm_registered: false - when: unregistered_beta_distro is not skipped - -- name: Run beta_repos.yml playbook for Beta/Alpha/RC release - import_tasks: beta_repos.yml - when: ansible_distribution_version not in rhsm_release_list.stdout_lines - name: Get list of enabled RHSM repos shell: subscription-manager repos --list | grep -B4 'Enabled:.*1' | grep 'Repo ID:' | sed -e 's/Repo ID:\s*\(.*\)/\1/' | sort @@ -172,10 +148,10 @@ repo_list: "{{ repo_list_cmd.stdout.split('\n') }}" when: repo_list_cmd is defined and repo_list_cmd is not skipped -- name: Set replace_repos false if entitlements are missing or if we unregistered +- name: Set replace_repos false if entitlements are missing set_fact: replace_repos: false - when: have_entitlements == false or unregistered_beta_distro is changed + when: have_entitlements == false - name: Set replace_repos true if rhsm_repos differs from repo_list set_fact: diff --git a/roles/common/tasks/yum_systems.yml b/roles/common/tasks/yum_systems.yml index f424174c..26addd1b 100644 --- a/roles/common/tasks/yum_systems.yml +++ b/roles/common/tasks/yum_systems.yml 
@@ -65,7 +65,6 @@ - import_tasks: rhel-entitlements.yml when: ansible_distribution == 'RedHat' and - beta_distro == false and skip_entitlements|default(false)|bool != true tags: - entitlements From 894d3b88c3126c05f6ab9c01c27da13c70a66af2 Mon Sep 17 00:00:00 2001 From: Dan Mick Date: Thu, 20 Apr 2023 13:26:12 -0700 Subject: [PATCH 05/26] Remove "switch back from mirrorlist" code for CentOS The plan is to use mirrorlist exclusively (as we've done for EPEL) because the upstream infra is changing more rapidly than our fixed list of mirrors, and hopefully it's more stable than it was in the past when we were driven to this coping mechanism of caching mirror lists. Signed-off-by: Dan Mick --- .../tasks/yum/baseurls_not_mirrorlists.yml | 30 ------------------- roles/testnode/tasks/yum/repos.yml | 5 ---- 2 files changed, 35 deletions(-) delete mode 100644 roles/testnode/tasks/yum/baseurls_not_mirrorlists.yml diff --git a/roles/testnode/tasks/yum/baseurls_not_mirrorlists.yml b/roles/testnode/tasks/yum/baseurls_not_mirrorlists.yml deleted file mode 100644 index b458bf59..00000000 --- a/roles/testnode/tasks/yum/baseurls_not_mirrorlists.yml +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -- name: dnf check-update to see if mirrorlists are working - command: dnf check-update - register: mirrorlist_check - ignore_errors: true - -# Default to false -- set_fact: - use_baseurls: false - -- set_fact: - use_baseurls: true - when: '"all mirrors were already tried" in mirrorlist_check.stderr' - -- name: Get list of repo files we need to use baseurls for - shell: "grep -l '^mirrorlist' *.repo | grep -v epel | cut -d '.' -f1" - args: - chdir: /etc/yum.repos.d - register: repo_files_with_mirrorlists - when: use_baseurls|bool - -- name: Comment mirrorlist parameter in each repo - shell: "sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/{{ item }}.repo" - with_items: "{{ repo_files_with_mirrorlists.stdout_lines }}" - when: use_baseurls|bool - -- name: Use a baseurl instead - shell: "echo 'baseurl=http://packages.oit.ncsu.edu/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/{% if item == \"CentOS-Extras\" %}extras{% else %}{{ item | regex_replace('CentOS-','') }}{% endif %}/{{ ansible_architecture }}/os/' >> /etc/yum.repos.d/{{ item }}.repo" - with_items: "{{ repo_files_with_mirrorlists.stdout_lines }}" - when: use_baseurls|bool diff --git a/roles/testnode/tasks/yum/repos.yml b/roles/testnode/tasks/yum/repos.yml index 7a99ada4..278d8d7f 100644 --- a/roles/testnode/tasks/yum/repos.yml +++ b/roles/testnode/tasks/yum/repos.yml @@ -31,11 +31,6 @@ with_dict: "{{ yum_repos|default({}) | combine(additional_yum_repos|default({}), recursive=True) }}" when: (yum_repos.keys() | length > 0) or (additional_yum_repos.keys() | length > 0) -# Occasionally when the yum repo mirrors get updated, we get 404s when using mirrorlist -# but not when using baseurls. No idea why. -- include_tasks: yum/baseurls_not_mirrorlists.yml - when: ansible_distribution == "CentOS" - - name: Enable copr repos command: "dnf -y copr enable {{ item }}" with_items: "{{ copr_repos }}" From 0684bae7ac234fc10f14655ea7f6163a66290917 Mon Sep 17 00:00:00 2001 
From: Dan Mick Date: Thu, 20 Apr 2023 13:50:12 -0700 Subject: [PATCH 06/26] Remove mirrorlists for CentOS 8 They were failing similarly to EPEL mirrorlists (old broken mirror machines, out-of-date lists), so let's try going back to out-of-the-box repo configurations. Perhaps several years later they'll work better. Signed-off-by: Dan Mick --- .../mirrorlists/8/CentOS-AppStream-mirrorlist | 7 ---- .../mirrorlists/8/CentOS-BaseOS-mirrorlist | 7 ---- .../mirrorlists/8/CentOS-Extras-mirrorlist | 7 ---- .../8/CentOS-PowerTools-mirrorlist | 7 ---- roles/testnode/vars/centos_8.yml | 34 ------------------- 5 files changed, 62 deletions(-) delete mode 100644 roles/testnode/templates/mirrorlists/8/CentOS-AppStream-mirrorlist delete mode 100644 roles/testnode/templates/mirrorlists/8/CentOS-BaseOS-mirrorlist delete mode 100644 roles/testnode/templates/mirrorlists/8/CentOS-Extras-mirrorlist delete mode 100644 roles/testnode/templates/mirrorlists/8/CentOS-PowerTools-mirrorlist diff --git a/roles/testnode/templates/mirrorlists/8/CentOS-AppStream-mirrorlist b/roles/testnode/templates/mirrorlists/8/CentOS-AppStream-mirrorlist deleted file mode 100644 index 1fa3e678..00000000 --- a/roles/testnode/templates/mirrorlists/8/CentOS-AppStream-mirrorlist +++ /dev/null @@ -1,7 +0,0 @@ -# {{ ansible_managed }} - -# local yum mirrorlist for CentOS-8 - AppStream repo -https://download-cc-rdu01.fedoraproject.org/pub/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/AppStream/x86_64/os/ -http://mirror.linux.duke.edu/pub/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/AppStream/x86_64/os/ -http://packages.oit.ncsu.edu/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/AppStream/x86_64/os/ -http://distro.ibiblio.org/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/AppStream/x86_64/os/ 
diff --git a/roles/testnode/templates/mirrorlists/8/CentOS-BaseOS-mirrorlist b/roles/testnode/templates/mirrorlists/8/CentOS-BaseOS-mirrorlist deleted file mode 100644 index 5711d920..00000000 --- a/roles/testnode/templates/mirrorlists/8/CentOS-BaseOS-mirrorlist +++ /dev/null @@ -1,7 +0,0 @@ -# {{ ansible_managed }} - -# local yum mirrorlist for CentOS-8 - Base repo -https://download-cc-rdu01.fedoraproject.org/pub/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/BaseOS/x86_64/os/ -http://mirror.linux.duke.edu/pub/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/BaseOS/x86_64/os/ -http://packages.oit.ncsu.edu/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/BaseOS/x86_64/os/ -http://distro.ibiblio.org/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/BaseOS/x86_64/os/ diff --git a/roles/testnode/templates/mirrorlists/8/CentOS-Extras-mirrorlist b/roles/testnode/templates/mirrorlists/8/CentOS-Extras-mirrorlist deleted file mode 100644 index b83fea36..00000000 --- a/roles/testnode/templates/mirrorlists/8/CentOS-Extras-mirrorlist +++ /dev/null @@ -1,7 +0,0 @@ -# {{ ansible_managed }} - -# local yum mirrorlist for CentOS-8 - Extras repo -https://download-cc-rdu01.fedoraproject.org/pub/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/extras/x86_64/os/ -http://mirror.linux.duke.edu/pub/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/extras/x86_64/os/ -http://packages.oit.ncsu.edu/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/extras/x86_64/os/ -http://distro.ibiblio.org/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/extras/x86_64/os/ diff --git a/roles/testnode/templates/mirrorlists/8/CentOS-PowerTools-mirrorlist b/roles/testnode/templates/mirrorlists/8/CentOS-PowerTools-mirrorlist deleted file mode 100644 index 89d3e640..00000000 --- a/roles/testnode/templates/mirrorlists/8/CentOS-PowerTools-mirrorlist +++ /dev/null 
@@ -1,7 +0,0 @@ -# {{ ansible_managed }} - -# local yum mirrorlist for CentOS-8 - PowerTools repo -https://download-cc-rdu01.fedoraproject.org/pub/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/PowerTools/x86_64/os/ -http://distro.ibiblio.org/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/PowerTools/x86_64/os/ -http://packages.oit.ncsu.edu/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/PowerTools/x86_64/os/ -http://mirror.nodespace.net/centos/{{ ansible_distribution_major_version }}{{ dash_stream }}/PowerTools/x86_64/os/ diff --git a/roles/testnode/vars/centos_8.yml b/roles/testnode/vars/centos_8.yml index 2268c516..e09065bb 100644 --- a/roles/testnode/vars/centos_8.yml +++ b/roles/testnode/vars/centos_8.yml 
@@ -9,40 +9,6 @@ common_yum_repos: enabled: 1 gpgcheck: 0 -# These will overwrite the repo files that come with a CentOS installation -yum_repos: - CentOS-AppStream: - name: "CentOS-$releasever - AppStream" - mirrorlist: file:///etc/yum.repos.d/CentOS-AppStream-mirrorlist - gpgcheck: 1 - enabled: 1 - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial - CentOS-BaseOS: - name: "CentOS-$releasever - BaseOS" - mirrorlist: file:///etc/yum.repos.d/CentOS-BaseOS-mirrorlist - gpgcheck: 1 - enabled: 1 - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial - CentOS-Extras: - name: "CentOS-$releasever - Extras" - mirrorlist: file:///etc/yum.repos.d/CentOS-Extras-mirrorlist - gpgcheck: 1 - enabled: 1 - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial - CentOS-PowerTools: - name: "CentOS-$releasever - PowerTools" - mirrorlist: file:///etc/yum.repos.d/CentOS-PowerTools-mirrorlist - gpgcheck: 1 - enabled: 1 - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial - -# These are files in roles/testnodes/templates/mirrorlists/8/ -yum_mirrorlists: - - CentOS-AppStream-mirrorlist - - CentOS-BaseOS-mirrorlist - - CentOS-Extras-mirrorlist - - CentOS-PowerTools-mirrorlist - copr_repos: - ceph/python3-asyncssh From 4e8eb35a1c01cd4e7c78b139e4fde624b71b7604 Mon Sep 17 00:00:00 2001 From: Ken Dreyer Date: Thu, 20 Apr 2023 17:04:55 -0400 Subject: [PATCH 07/26] github: add syntax and lint checks Run Ansible's syntax checks and ansible-lint on every PR and Git push. Ignore some common ansible-lint errors so we can get to green quickly. We can re-evaluate this list later and perhaps fix some of them down the road. --- .ansible-lint | 26 +++++++++++++++++++++++++ .github/workflows/tests.yml | 38 +++++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 .ansible-lint create mode 100644 .github/workflows/tests.yml diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 00000000..6c902028 --- /dev/null +++ b/.ansible-lint 
@@ -0,0 +1,26 @@
+---
+skip_list:
+ - command-instead-of-module
+ - command-instead-of-shell
+ - deprecated-command-syntax
+ - deprecated-local-action
+ - empty-string-compare
+ - experimental
+ - fqcn[action-core]
+ - fqcn[action]
+ - git-latest
+ - jinja
+ - literal-compare
+ - load-failure
+ - meta-no-info
+ - name[casing]
+ - no-changed-when
+ - no-handler
+ - no-jinja-when
+ - no-relative-paths
+ - no-tabs
+ - package-latest
+ - risky-file-permissions
+ - risky-shell-pipe
+ - role-name
+ - unnamed-task
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
new file mode 100644
index 00000000..e334a5ac
--- /dev/null
+++ b/.github/workflows/tests.yml
@@ -0,0 +1,38 @@
+name: tests
+
+on: [push, pull_request]
+
+jobs:
+ syntax-check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Install ansible
+ run: |
+ sudo apt-get update
+ sudo apt-get purge ansible
+ sudo apt-get install python3-setuptools
+ pip3 install ansible --user
+ - name: ansible-playbook syntax check
+ run: |
+ export PATH=$PATH:$HOME/.local/bin
+ sed -i /^vault_password_file/d ansible.cfg
+ ansible-playbook -i localhost, cephlab.yml --syntax-check
+ ansible-lint:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Install ansible-lint
+ run: |
+ sudo apt-get update
+ sudo apt-get purge ansible
+ sudo apt-get install python3-setuptools
+ # This pinned ansible version should match teuthology's
+ # requirements.txt.
+ # And we choose an ansible-lint version to be compatible with this
+ # Ansible version.
+ pip3 install ansible==2.10.7 ansible-lint[core]==5.4.0 --user
+ - name: Run ansible-lint
+ run: |
+ export PATH=$PATH:$HOME/.local/bin
+ ansible-lint -v roles/*
From 64bf5af108c337deceedb0fdb71940c9fe03009b Mon Sep 17 00:00:00 2001
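Review bot: The skip_list in .ansible-lint switches off `risky-file-permissions` and `risky-shell-pipe`, the two rules in this list that catch security-relevant mistakes (files created without an explicit mode, and shell pipelines whose early failure is masked). Skipping them hides new violations as well as the existing ones. Moving the two entries to a `warn_list:` keeps CI green while still reporting them: `warn_list:` followed by `- risky-file-permissions` and `- risky-shell-pipe`. A one-line comment above `skip_list:` saying the list is a temporary baseline would record the intent stated in the commit message.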
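Review bot: .github/workflows/tests.yml declares no `permissions:` block, so both jobs run with whatever default GITHUB_TOKEN scope the repository has, although they only read the checkout. A top-level `permissions:` with `contents: read` makes the least-privilege intent explicit. The syntax-check job also installs Ansible unpinned (`pip3 install ansible --user`) while the lint job pins `ansible==2.10.7`, so the two jobs can validate against different Ansible versions; pinning the first the same way keeps results reproducible. `actions/checkout@v3` is a mutable tag, and pinning it to a commit SHA is the stricter option.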
From: Ken Dreyer Date: Thu, 20 Apr 2023 17:45:06 -0400 Subject: [PATCH 08/26] rook: remove duplicate YAML key "wait" caught with ansible-lint --- roles/rook/tasks/rook-recovery.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/rook/tasks/rook-recovery.yml b/roles/rook/tasks/rook-recovery.yml index 8d1df5c9..82ae0547 100644 --- a/roles/rook/tasks/rook-recovery.yml +++ b/roles/rook/tasks/rook-recovery.yml @@ -7,7 +7,6 @@ group: "{{ security_group }}" instance_type: "{{ controller_instance_type }}" image: "{{ image }}" - wait: true region: "{{ region }}" vpc_subnet_id: "{{ vpc_subnet_id }}" assign_public_ip: yes From f36506c08a6a28930bba1b5fcd3362d58688eff7 Mon Sep 17 00:00:00 2001 From: Ken Dreyer Date: Fri, 21 Apr 2023 10:49:34 -0400 Subject: [PATCH 09/26] firmware: fix task imports for ansible-lint ansible-lint cannot load tasks with these longer parent paths. load-failure: [Errno 2] No such file or directory (filenotfounderror) --- roles/firmware/tasks/areca/main.yml | 2 +- roles/firmware/tasks/mira/bios.yml | 2 +- roles/firmware/tasks/mira/bmc.yml | 2 +- roles/firmware/tasks/smithi/bmc.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/firmware/tasks/areca/main.yml b/roles/firmware/tasks/areca/main.yml index be0af13b..033e459d 100644 --- a/roles/firmware/tasks/areca/main.yml +++ b/roles/firmware/tasks/areca/main.yml @@ -30,5 +30,5 @@ (current_areca_version.stdout != latest_{{ areca_model_pretty }}_version) - name: Run Areca firmware update playbook - import_tasks: roles/firmware/tasks/areca/areca-update.yml + import_tasks: areca/areca-update.yml when: need_areca_update is defined and need_areca_update == true diff --git a/roles/firmware/tasks/mira/bios.yml b/roles/firmware/tasks/mira/bios.yml index b68fcd2d..c555600a 100644 --- a/roles/firmware/tasks/mira/bios.yml +++ b/roles/firmware/tasks/mira/bios.yml 
@@ -10,5 +10,5 @@ when: current_bios_version.stdout != latest_bios_version - name: Include BIOS update logic - import_tasks: roles/firmware/tasks/mira/bios-update.yml + import_tasks: mira/bios-update.yml when: need_bios_update is defined and need_bios_update == true diff --git a/roles/firmware/tasks/mira/bmc.yml b/roles/firmware/tasks/mira/bmc.yml index 64d0a237..7c261c97 100644 --- a/roles/firmware/tasks/mira/bmc.yml +++ b/roles/firmware/tasks/mira/bmc.yml @@ -23,5 +23,5 @@ when: current_bmc_version.stdout != latest_bmc_version - name: Include BMC update logic - import_tasks: roles/firmware/tasks/mira/bmc-update.yml + import_tasks: mira/bmc-update.yml when: need_bmc_update is defined and need_bmc_update == true diff --git a/roles/firmware/tasks/smithi/bmc.yml b/roles/firmware/tasks/smithi/bmc.yml index f11beb7f..3c3400bb 100644 --- a/roles/firmware/tasks/smithi/bmc.yml +++ b/roles/firmware/tasks/smithi/bmc.yml @@ -23,5 +23,5 @@ when: current_bmc_version.stdout != latest_bmc_version - name: Include BMC update logic - import_tasks: roles/firmware/tasks/smithi/bmc-update.yml + import_tasks: smithi/bmc-update.yml when: need_bmc_update is defined and need_bmc_update == true From 0c60b3ddd8df459b738686ccd5123eeff7c571e6 Mon Sep 17 00:00:00 2001 From: Ken Dreyer Date: Fri, 21 Apr 2023 10:48:14 -0400 Subject: [PATCH 10/26] use spaces around variables for ansible-lint --- roles/cobbler/tasks/settings.yml | 2 +- roles/fog-server/tasks/main.yml | 2 +- roles/testnode/tasks/cpan.yml | 2 +- roles/testnode/tasks/ntp.yml | 2 +- roles/users/tasks/filter_users.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/cobbler/tasks/settings.yml b/roles/cobbler/tasks/settings.yml index 8623bc21..971e55f2 100644 --- a/roles/cobbler/tasks/settings.yml +++ b/roles/cobbler/tasks/settings.yml 
@@ -28,5 +28,5 @@ when: users_digest is changed or dynamic_settings is changed or server_value is changed - name: Update settings - command: cobbler setting edit --name={{ item.name }} --value={{ item.value}} + command: cobbler setting edit --name={{ item.name }} --value={{ item.value }} with_items: "{{ settings }}" diff --git a/roles/fog-server/tasks/main.yml b/roles/fog-server/tasks/main.yml index a647a31f..17c4de14 100644 --- a/roles/fog-server/tasks/main.yml +++ b/roles/fog-server/tasks/main.yml @@ -9,7 +9,7 @@ - name: Ensure a path for FOG file: - path: "/home/{{ fog_user}}/fog" + path: "/home/{{ fog_user }}/fog" owner: "{{ fog_user }}" state: directory diff --git a/roles/testnode/tasks/cpan.yml b/roles/testnode/tasks/cpan.yml index 05362460..2925c8d4 100644 --- a/roles/testnode/tasks/cpan.yml +++ b/roles/testnode/tasks/cpan.yml @@ -34,7 +34,7 @@ mode: 0755 - name: Ensure perl-doc and cpanminus is installed on apt systems. - apt: name={{item}} state=present + apt: name={{ item }} state=present with_items: - cpanminus - perl-doc diff --git a/roles/testnode/tasks/ntp.yml b/roles/testnode/tasks/ntp.yml index 9ec8f403..f93bef2e 100644 --- a/roles/testnode/tasks/ntp.yml +++ b/roles/testnode/tasks/ntp.yml @@ -49,7 +49,7 @@ - name: Make sure ntpd is running. service: - name: "{{ntp_service_name}}" + name: "{{ ntp_service_name }}" enabled: yes state: started # There's an issue with ansible<=2.9 and our custom built kernels (5.8 as of this commit) where the service and systemd modules don't have backwards compatibility with init scripts diff --git a/roles/users/tasks/filter_users.yml b/roles/users/tasks/filter_users.yml index 280f1ac9..8c7124dd 100644 --- a/roles/users/tasks/filter_users.yml +++ b/roles/users/tasks/filter_users.yml 
@@ -18,7 +18,7 @@ # in managed_admin_users managed_users: "[{% for lab_user in managed_users -%} - {% if not managed_admin_users|selectattr('name', 'equalto', lab_user.name)|list|length %}{{ lab_user}},{% endif %} + {% if not managed_admin_users|selectattr('name', 'equalto', lab_user.name)|list|length %}{{ lab_user }},{% endif %} {%- endfor %}]" when: extra_admin_users is defined and extra_admin_users|length > 0 From bc20a9dc84e93fab7392ca9e3223c7f1d0ab7fcf Mon Sep 17 00:00:00 2001 From: Ken Dreyer Date: Fri, 21 Apr 2023 10:57:15 -0400 Subject: [PATCH 11/26] public_facing: skip no-tabs linter rule on single task Instead of skipping ansible-lint's no-tabs rule globally, apply it on this single task that uses a tab (\t) character. Longer-term, we could replace this tab with a space because /etc/hosts can use either whitespace character. I'm taking a cautious approach today for simplicity. --- .ansible-lint | 1 - roles/public_facing/tasks/letsencrypt_nginx.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 6c902028..578703e5 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -18,7 +18,6 @@ skip_list: - no-handler - no-jinja-when - no-relative-paths - - no-tabs - package-latest - risky-file-permissions - risky-shell-pipe diff --git a/roles/public_facing/tasks/letsencrypt_nginx.yml b/roles/public_facing/tasks/letsencrypt_nginx.yml index f1370a43..3dcd31e7 100644 --- a/roles/public_facing/tasks/letsencrypt_nginx.yml +++ b/roles/public_facing/tasks/letsencrypt_nginx.yml @@ -16,7 +16,7 @@ state: present # 'letsencrypt renew' fails because it can't reach the letsencrypt authority server using IPv6 -- name: Create cron entry to force IPv4 connectivity to letsencrypt authority server +- name: Create cron entry to force IPv4 connectivity to letsencrypt authority server # noqa no-tabs cron: name: "Forces letsencrypt to use IPv4 when accessing acme-v01.api.letsencrypt.org" hour: "0" 
From 00d4e68111e53be782ba395c3f718daa10db0579 Mon Sep 17 00:00:00 2001 From: Dan Mick Date: Mon, 24 Apr 2023 15:59:52 -0700 Subject: [PATCH 12/26] Remove stream.yml from testnode role; leave repo files be Signed-off-by: Dan Mick --- roles/testnode/tasks/yum/stream.yml | 12 ------------ roles/testnode/tasks/yum_systems.yml | 6 ------ 2 files changed, 18 deletions(-) delete mode 100644 roles/testnode/tasks/yum/stream.yml diff --git a/roles/testnode/tasks/yum/stream.yml b/roles/testnode/tasks/yum/stream.yml deleted file mode 100644 index c216c9ea..00000000 --- a/roles/testnode/tasks/yum/stream.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# In non-Stream CentOS versions, ceph-cm-ansible takes care of overwriting the Distro/ISO-provided repo files. -# Since we convert from CentOS 8.X to CentOS Stream, we have to delete the Stream repo files that the process creates. -# We just don't want to rely on CentOS' infra to provide our mirror lists. It has bitten us in the past. -- name: Clean up Stream distro-provided repos - shell: "rm -rvf /etc/yum.repos.d/*-Stream-*" - -- name: Include CentOS Stream specific variables - include_vars: "{{ item }}" - with_first_found: - - "{{ ansible_distribution | lower | regex_replace(' ', '_') }}_{{ ansible_distribution_major_version }}_stream.yml" - - empty.yml diff --git a/roles/testnode/tasks/yum_systems.yml b/roles/testnode/tasks/yum_systems.yml index 2be3c5c0..09d13c87 100644 --- a/roles/testnode/tasks/yum_systems.yml +++ b/roles/testnode/tasks/yum_systems.yml @@ -74,12 +74,6 @@ tags: - repos -- name: Perform CentOS Stream related tasks - import_tasks: yum/stream.yml - when: is_stream|default('false')|bool - tags: - - repos - - name: Setup local repo files. import_tasks: yum/repos.yml tags: From 445ed1898414ab434334881fd4d77347883df597 Mon Sep 17 00:00:00 2001 
From: Dan Mick Date: Wed, 3 May 2023 16:26:30 -0700 Subject: [PATCH 13/26] cobbler_profile download_iso.yml: use checksum parameter sha256sum was deprecated, and disappeared by ansible-core 2.10. checksum: "sha256:" is the same. Signed-off-by: Dan Mick --- roles/cobbler_profile/tasks/download_iso.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cobbler_profile/tasks/download_iso.yml b/roles/cobbler_profile/tasks/download_iso.yml index c81d7ffa..66ef6921 100644 --- a/roles/cobbler_profile/tasks/download_iso.yml +++ b/roles/cobbler_profile/tasks/download_iso.yml @@ -7,6 +7,6 @@ get_url: url={{ distro.iso }} dest={{ iso_path }} - sha256sum={{ distro.sha256 }} + checksum=sha256:{{ distro.sha256 }} when: profile is defined and profile.stdout == '' register: download From f587105d4132f468d8a3cc50189527d9ef4ac52a Mon Sep 17 00:00:00 2001 From: Dan Mick Date: Wed, 3 May 2023 16:28:08 -0700 Subject: [PATCH 14/26] Add CentOS-8.5 (to build centos8.stream on top of newer release) centos8.stream is an odd build because of bugs; we don't use CentOS 8.5 directly anymore, but it's now the base of the stream image. Signed-off-by: Dan Mick --- cobbler.yml | 1 + roles/cobbler_profile/defaults/main.yml | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/cobbler.yml b/cobbler.yml index 3c187ef1..91e64404 100644 --- a/cobbler.yml +++ b/cobbler.yml 
@@ -45,6 +45,7 @@
 - { role: cobbler_profile, distro_name: CentOS-8.2-x86_64, tags: ['centos8.2'] }
 - { role: cobbler_profile, distro_name: CentOS-8.3-x86_64, tags: ['centos8.3'] }
 - { role: cobbler_profile, distro_name: CentOS-8.4-x86_64, tags: ['centos8.4'] }
+ - { role: cobbler_profile, distro_name: CentOS-8.5-x86_64, tags: ['centos8.5'] }
 - { role: cobbler_profile, distro_name: CentOS-8.stream-x86_64, tags: ['centos8.stream'] }
 - { role: cobbler_profile, distro_name: CentOS-9.stream-x86_64, tags: ['centos9.stream'] }
 - { role: cobbler_profile, distro_name: Ubuntu-12.04-server-x86_64, tags: ['ubuntu-precise'] }
diff --git a/roles/cobbler_profile/defaults/main.yml b/roles/cobbler_profile/defaults/main.yml
index 28cae4c1..64e94835 100644
--- a/roles/cobbler_profile/defaults/main.yml
+++ b/roles/cobbler_profile/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 distros:
- # Distros with empty iso values will be skipped. These dicts will be
- # updated with same-named items in an 'extra_distros' var, which can be
+ # Distros with empty iso values will be skipped. These dicts will be
+ # updated with same-named items in an 'extra_distros' var, which can be
 # set in the secrets repo.
 "inktank-rescue":
 iso: ""
@@ -135,6 +135,10 @@ distros:
 iso: http://packages.oit.ncsu.edu/centos/8.4.2105/isos/x86_64/CentOS-8.4.2105-x86_64-dvd1.iso
 sha256: 0394ecfa994db75efc1413207d2e5ac67af4f6685b3b896e2837c682221fd6b2
 kickstart: cephlab_rhel.ks
+ "CentOS-8.5-x86_64":
+ iso: https://mirror.cs.pitt.edu/centos-vault/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso
+ sha256: 3b795863001461d4f670b0dedd02d25296b6d64683faceb8f2b60c53ac5ebb3e
+ kickstart: cephlab_rhel.ks
 "Ubuntu-12.04-server-x86_64":
 iso: "http://releases.ubuntu.com/12.04/ubuntu-12.04.5-server-amd64.iso"
 sha256: af224223de99e2a730b67d7785b657f549be0d63221188e105445f75fb8305c9
From 7d8bae4906417a5993ad168a922851f16b18d26c Mon Sep 17 00:00:00 2001
From: Dan Mick Date: Thu, 4 May 2023 00:58:02 -0700 Subject: [PATCH 15/26] cephlab_ansible.sh: use scl rh-python38 on CentOS 7 cephlab_ansible.sh runs at the very end of the installation process during a cobbler install for fog image capture, on first reboot of the freshly-cobblered system. Cobbler runs on a CentOS 7 installation today, but its python is too old to support modern ansible. The SCL for python 3.8 is installed on cobbler. Add code here to, if installed, enable the SCL (by setting some paths in the trigger script that is executed on the cobbler server after the installed host reboots; a curl fetch is placed at the end of /etc/rc.local, and this script runs to finish up all the configuration of the host for teuthology use. Signed-off-by: Dan Mick
---
 .../templates/triggers/install/post/cephlab_ansible.sh | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/roles/cobbler/templates/triggers/install/post/cephlab_ansible.sh b/roles/cobbler/templates/triggers/install/post/cephlab_ansible.sh
index 3120bf55..f60e1232 100644
--- a/roles/cobbler/templates/triggers/install/post/cephlab_ansible.sh
+++ b/roles/cobbler/templates/triggers/install/post/cephlab_ansible.sh
@@ -1,6 +1,14 @@
 #!/bin/bash
 ## {{ ansible_managed }}
 set -ex
+
+# Cobbler on CentOS 7 in May 2023 needed a later python than the default 3.6
+# check for SCL 3.8 and enable if so. scl enable starts a child shell; the undocumented
+# scl_source sets the environment variables (PATH, LD_LIBRARY_PATH, MANPATH, PKG_CONFIG_PATH,
+# and XDG_DATA_DIRS) in the current shell.
+
+if scl -l | grep -s rh-python38 >/dev/null 2>&1 ; then source scl_source enable rh-python38; fi
+
 name=$2
 profile=$(cobbler system dumpvars --name $2 | grep profile_name | cut -d ':' -f2)
 export USER=root
From 4a764e035adad2d0a5154422396c62e9ba647dea Mon Sep 17 00:00:00 2001 From: Dan Mick Date: Thu, 11 May 2023 14:40:05 -0700 Subject: [PATCH 16/26] tools/checkcerts.py: add paddles.front to list of checked hosts
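Review bot: The collection test in the added `if scl -l | grep -s rh-python38 >/dev/null 2>&1` line is a substring match, and the redirection only silences grep, so a host without scl-utils still prints the shell's command-not-found message into the trigger output. `if scl -l 2>/dev/null | grep -qx rh-python38; then source scl_source enable rh-python38; fi` matches the exact collection name and keeps the output clean. The script runs under `set -ex` and the new comment itself calls scl_source undocumented, so it is worth confirming that sourcing it cannot return non-zero and stop the trigger before ansible is reached. When the collection is absent the script silently continues with the system python, which the commit message describes as too old for current ansible; a single `echo` naming the interpreter chosen would make that failure easier to trace.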
Signed-off-by: Dan Mick
---
 tools/checkcerts.py | 1 + 1 file changed, 1 insertion(+)
diff --git a/tools/checkcerts.py b/tools/checkcerts.py
index e9de5790..d4d5da7c 100755
--- a/tools/checkcerts.py
+++ b/tools/checkcerts.py
@@ -29,6 +29,7 @@
 'jenkins.rook.io',
 'lists.ceph.io',
 'pad.ceph.com',
+ 'paddles.front.sepia.ceph.com',
 'pulpito.ceph.com',
 'quay.ceph.io',
 'sentry.ceph.com',
From 1c2f430454e3e8ada8601089c1e04a9ded0f0b6e Mon Sep 17 00:00:00 2001 From: Zack Cerza Date: Wed, 31 May 2023 16:44:01 -0600 Subject: [PATCH 17/26] teuthology: Tell browsers not to sniff test logs Signed-off-by: Zack Cerza
---
 roles/teuthology/templates/nginx.conf | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/roles/teuthology/templates/nginx.conf b/roles/teuthology/templates/nginx.conf
index 62d1542a..d459062d 100644
--- a/roles/teuthology/templates/nginx.conf
+++ b/roles/teuthology/templates/nginx.conf
@@ -11,6 +11,9 @@ server {
 server_name {{ inventory_hostname }};
 location /teuthology {
 alias {{ archive_base }};
+ # Prevents Chromium from thinking certain text files are binary,
+ # e.g. console logs while reimaging is underway
+ add_header X-Content-Type-Options nosniff;
 }
 types {
 text/plain log;
From 5267ce33e7610a92175ccccd09cf664429f099c6 Mon Sep 17 00:00:00 2001 From: Dan Mick Date: Fri, 2 Jun 2023 02:12:59 -0700 Subject: [PATCH 18/26] testnode: Make sure PowerTools repo is enabled on CentOS https://github.com/ceph/ceph-cm-ansible/pull/731 removed the custom-made repo files that added mirrorlists; however, it also removed the side-effect of enabling the Power Tools repo (which is not enabled by default). This adds a call to dnf config-manager to enable the repo, whatever its repo file name, on CentOS testnodes. Fixes: https://tracker.ceph.com/issues/59678 Signed-off-by: Dan Mick
---
 roles/testnode/tasks/yum/repos.yml | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/roles/testnode/tasks/yum/repos.yml b/roles/testnode/tasks/yum/repos.yml
index 278d8d7f..493f416a 100644
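Review bot: The added `add_header X-Content-Type-Options nosniff;` in `location /teuthology` is only attached to 2xx and 3xx responses, so error responses served from this location go out without it; `add_header X-Content-Type-Options nosniff always;` covers every status. An `add_header` inside a location also replaces, rather than extends, any headers inherited from the `server` or `http` level, so headers set higher up (not visible in this hunk) would stop applying under /teuthology. With sniffing off the browser trusts the declared Content-Type, and the `types` block below maps only the `log` extension to text/plain, so it is worth checking what `default_type` the other archive files get. The `server` block continues outside the hunk.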
--- a/roles/testnode/tasks/yum/repos.yml +++ b/roles/testnode/tasks/yum/repos.yml @@ -38,6 +38,11 @@ - (ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8) - copr_repos|length > 0 +- name: Enable PowerTools on CentOS + command: "dnf -y config-manager --set-enabled powertools" + when: + - ansible_distribution == 'CentOS' + - import_tasks: gpg_keys.yml when: ansible_distribution == "Fedora" tags: From bc7161dc5bfd95cf9569e2be895d37e261dcaab9 Mon Sep 17 00:00:00 2001 From: Dan Mick Date: Tue, 20 Jun 2023 21:08:41 -0700 Subject: [PATCH 19/26] tools/checkcerts.py: pretty up the output a bit for reading ease Signed-off-by: Dan Mick --- tools/checkcerts.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/checkcerts.py b/tools/checkcerts.py index d4d5da7c..e0d3efcd 100755 --- a/tools/checkcerts.py +++ b/tools/checkcerts.py @@ -98,11 +98,12 @@ def main(): now = datetime.datetime.utcnow() left = expire - now + leftstr = f'{domain:30s} cert: {str(left).rsplit(".",1)[0]} left until it expires' if not args.quiet: - print(f'{domain}\'s cert has {left} left', file=sys.stderr) + print(leftstr, file=sys.stderr) if left < warn and args.email: subject = f'{domain}\'s SSL Cert is expiring soon.' - body = f'{domain}\'s SSL cert has {left} left until it expires' + body = leftstr email = args.email if email == []: email = DEFAULT_EMAIL From 52aa551a507b0cbf5b1a5e3afc9ea172d1d9d325 Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Wed, 21 Jun 2023 12:51:08 -0400 Subject: [PATCH 20/26] testnode: replace 'powertools' with 'crb' for centos 9+ Signed-off-by: Casey Bodley --- roles/testnode/tasks/yum/repos.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/testnode/tasks/yum/repos.yml b/roles/testnode/tasks/yum/repos.yml index 493f416a..8caecc41 100644 --- a/roles/testnode/tasks/yum/repos.yml +++ b/roles/testnode/tasks/yum/repos.yml 
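Review bot: The new `Enable PowerTools on CentOS` task is gated only on `ansible_distribution == 'CentOS'`, so it has no lower version bound and would also run on a CentOS release without `dnf config-manager`. The repo id was capitalised (`PowerTools`) on CentOS 8 before 8.3, so `--set-enabled powertools` is likely to fail on any such test node still being built. Adding `- ansible_distribution_major_version | int >= 8` to the `when:` list makes the intent explicit; the later crb hunk in this series adds `< 9` but still no lower bound. As a bare `command:` the task reports `changed` on every run, and the crb task shares that, so `changed_when: false` or a check of the current repo state would keep the play's change report meaningful. The task list continues outside the hunk.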
@@ -42,6 +42,13 @@ command: "dnf -y config-manager --set-enabled powertools" when: - ansible_distribution == 'CentOS' + - ansible_distribution_major_version | int < 9 + +- name: Enable CodeReady Linux Builder on CentOS 9 + command: "dnf -y config-manager --set-enabled crb" + when: + - ansible_distribution == 'CentOS' + - ansible_distribution_major_version | int >= 9 - import_tasks: gpg_keys.yml when: ansible_distribution == "Fedora" From f55c302e97e54846329284f2e233f150c675b1ca Mon Sep 17 00:00:00 2001 From: Dan Mick Date: Mon, 15 May 2023 18:38:17 -0700 Subject: [PATCH 21/26] common/tasks/rhel-entitlements.yml: regenerate machine-id We can't leave /etc/machine-id blank; it breaks things, one of which is the kernel install, which runs a postinstall script to update /boot/loader/entries, which does nothing (silently) if there's nothing in /etc/machine-id. Since it can come from the dbus id, and does by default, and there's a command to generate the dbus id, generate both, dbus first. This fixes the kernel postinstall. I don't know if there should be any correlation between machine-id and the subscription-manager/katello IDs. Signed-off-by: Dan Mick --- roles/common/tasks/rhel-entitlements.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/roles/common/tasks/rhel-entitlements.yml b/roles/common/tasks/rhel-entitlements.yml index bfeb2267..477587b3 100644 --- a/roles/common/tasks/rhel-entitlements.yml +++ b/roles/common/tasks/rhel-entitlements.yml @@ -50,6 +50,12 @@ register: new_uuid when: use_satellite == true +- name: Run dbus-uuidgen to create /var/lib/dbus/machine-id + shell: dbus-uuidgen --ensure + +- name: Run systemd-machine-id-setup to set /etc/machine-id + shell: systemd-machine-id-setup + - name: Add new UUID to dmi_system_uuid.facts ansible.builtin.lineinfile: path: /etc/rhsm/facts/dmi_system_uuid.facts 
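Review bot: Both added machine-id tasks in rhel-entitlements.yml use `shell:` for a single fixed command and will report `changed` on every run; `command: dbus-uuidgen --ensure` and `command: systemd-machine-id-setup` avoid the shell, and a `changed_when:` keeps the change report meaningful. The same two tasks are repeated verbatim in the `@@ -178,6 +184,15 @@` hunk of this file, so a small included task file would keep them in one place. If this role also runs on a node shortly before its image is captured (the cephlab_ansible.sh commit earlier in the series mentions fog image capture), the regenerated /etc/machine-id would be carried into every clone and those hosts would share one identity; it is worth confirming that the capture step clears it again. The task list continues outside the hunk.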
@@ -178,6 +184,15 @@ retries: 5 delay: 10 +# recreate the removed machine-id files to avoid breaking +# other parts of the system, /bin/install-kernel for instance + +- name: Run dbus-uuidgen to create /var/lib/dbus/machine-id + shell: dbus-uuidgen --ensure + +- name: Run systemd-machine-id-setup to set /etc/machine-id + shell: systemd-machine-id-setup + - name: Remove old apt-mirror repository definition. file: path: /etc/yum.repos.d/cd.repo From 054651a858e0bc00810a2f4ef9a54e39b861e158 Mon Sep 17 00:00:00 2001 From: Adam Kraitman Date: Sun, 30 Jul 2023 16:54:31 +0300 Subject: [PATCH 22/26] Adding VMware ESXi-7.0 to cobbler Fixes: https://tracker.ceph.com/issues/61779 Signed-off-by: Adam Kraitman --- cobbler.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/cobbler.yml b/cobbler.yml index 91e64404..81047978 100644 --- a/cobbler.yml +++ b/cobbler.yml @@ -57,5 +57,6 @@ - { role: cobbler_profile, distro_name: openSUSE-15.0-x86_64, tags: ['opensuse-15.0'] } - { role: cobbler_profile, distro_name: openSUSE-15.1-x86_64, tags: ['opensuse-15.1'] } - { role: cobbler_profile, distro_name: openSUSE-15.2-x86_64, tags: ['opensuse-15.2'] } + - { role: cobbler_profile, distro_name: VMware-ESXi-7.0-x86_64, tags: ['esxi-7.0'] } - cobbler_systems become: true From 415aebea0247cbc99897ee98f7af569999806dfb Mon Sep 17 00:00:00 2001 From: Xiubo Li Date: Wed, 2 Aug 2023 09:12:53 +0800 Subject: [PATCH 23/26] centos_9: install dbench package Fixes: https://tracker.ceph.com/issues/62227 Signed-off-by: Xiubo Li --- roles/testnode/vars/centos_9.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/testnode/vars/centos_9.yml b/roles/testnode/vars/centos_9.yml index f32585fc..89b78d10 100644 --- a/roles/testnode/vars/centos_9.yml +++ b/roles/testnode/vars/centos_9.yml 
@@ -69,13 +69,13 @@ packages: # for pjd tests - libacl-devel # for fs tests, -# - dbench - autoconf # for test-crash.sh - gdb # - iozone -epel_packages: [] +epel_packages: + - dbench nfs_service: nfs-server From 3dcbd56ba8ff616f707d9317e26ff687e187dc39 Mon Sep 17 00:00:00 2001 From: Xiubo Li Date: Wed, 2 Aug 2023 10:14:10 +0800 Subject: [PATCH 24/26] centos_8: install dbench package from epel Fixes: https://tracker.ceph.com/issues/62227 Signed-off-by: Xiubo Li --- roles/testnode/vars/centos_8.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/testnode/vars/centos_8.yml b/roles/testnode/vars/centos_8.yml index e09065bb..a1b03b15 100644 --- a/roles/testnode/vars/centos_8.yml +++ b/roles/testnode/vars/centos_8.yml @@ -61,13 +61,13 @@ packages: # for pjd tests - libacl-devel # for fs tests, - - dbench - autoconf # for test-crash.sh - gdb - iozone -epel_packages: [] +epel_packages: + - dbench nfs_service: nfs-server From c10b1a380b0d3f072f0ead8372b30de83468613b Mon Sep 17 00:00:00 2001 From: Xiubo Li Date: Wed, 2 Aug 2023 12:17:11 +0800 Subject: [PATCH 25/26] centos_8_stream: install dbench package from epel Fixes: https://tracker.ceph.com/issues/62227 Signed-off-by: Xiubo Li --- roles/testnode/vars/centos_8_stream.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/testnode/vars/centos_8_stream.yml b/roles/testnode/vars/centos_8_stream.yml index a6c8aef3..2cb04ef5 100644 --- a/roles/testnode/vars/centos_8_stream.yml +++ b/roles/testnode/vars/centos_8_stream.yml @@ -54,7 +54,6 @@ packages: # for pjd tests - libacl-devel # for fs tests, - - dbench - autoconf # for test-crash.sh - gdb @@ -62,3 +61,6 @@ packages: # centos stream additions start here - lvm2 + +epel_packages: + - dbench From 4f752a4c3649e0e11602857987bdaa25bb21fbac Mon Sep 17 00:00:00 2001 
From: Dan Mick Date: Thu, 24 Aug 2023 21:29:02 -0700 Subject: [PATCH 26/26] roles/testnode/vars/centos_9.yml: add lab-extras and iozone iozone is present in the newly-created lab-extras repo, for the same reasons it's in other CentOS configs Signed-off-by: Dan Mick --- roles/testnode/vars/centos_9.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/testnode/vars/centos_9.yml b/roles/testnode/vars/centos_9.yml index 89b78d10..bd9b14bd 100644 --- a/roles/testnode/vars/centos_9.yml +++ b/roles/testnode/vars/centos_9.yml @@ -1,7 +1,12 @@ --- # vars specific to any centos 9.x version -common_yum_repos: {} +common_yum_repos: + lab-extras: + name: "lab-extras" + baseurl: "http://{{ mirror_host }}/lab-extras/9/" + enabled: 1 + gpgcheck: 0 yum_repos: CentOS-AppStream: @@ -72,7 +77,7 @@ packages: - autoconf # for test-crash.sh - gdb -# - iozone + - iozone epel_packages: - dbench
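Review bot: The new `lab-extras` entry under `common_yum_repos` is enabled with `gpgcheck: 0` and a plain `http://{{ mirror_host }}/lab-extras/9/` baseurl, so packages installed from it are neither signature-checked nor fetched over an authenticated channel. The second hunk adds iozone to `packages`, which the commit message says comes from this repo, so whatever answers for the mirror host on the lab network decides what is installed on the CentOS 9 test nodes. Signing the repo's packages with a lab key and setting `gpgcheck: 1` with a `gpgkey:` entry closes that gap, provided the repo template passes the key through. If signing is not practical, serving the mirror over https at least authenticates the source. How the other `yum_repos` entries are configured is not visible in this hunk.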