Skip to content

Commit 4388f8d

Browse files
committed
Merge stackhpc/wallaby into stackhpc/xena
2 parents e8c8113 + a7e37d1 commit 4388f8d

18 files changed

+464
-35
lines changed

README.rst

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -230,7 +230,7 @@ ci-aio
230230
Prerequisites
231231
^^^^^^^^^^^^^
232232

233-
* a CentOS Stream 8 host
233+
* a CentOS Stream 8 or Ubuntu Focal 20.04 host
234234
* access to the local Pulp server
235235

236236
Setup
@@ -329,7 +329,7 @@ service, and pushed there once built.
329329
Prerequisites
330330
^^^^^^^^^^^^^
331331

332-
* a CentOS Stream 8 host
332+
* a CentOS Stream 8 or Ubuntu Focal 20.04 host
333333
* access to the local Pulp server
334334

335335
Setup

etc/kayobe/ansible/pulp-repo-promote-production.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,4 +6,5 @@
66
- import_role:
77
name: stackhpc.pulp.pulp_distribution
88
vars:
9-
pulp_distribution_rpm: "{{ stackhpc_pulp_distribution_rpm_production }}"
9+
pulp_distribution_deb: "{{ stackhpc_pulp_distribution_deb_production | selectattr('required') }}"
10+
pulp_distribution_rpm: "{{ stackhpc_pulp_distribution_rpm_production | selectattr('required') }}"

etc/kayobe/ansible/pulp-repo-publish.yml

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,9 +7,11 @@
77
name: stackhpc.pulp.pulp_publication
88
# NOTE: use intermediate variable to avoid publishing containers.
99
vars:
10-
pulp_publication_rpm: "{{ stackhpc_pulp_publication_rpm_development }}"
10+
pulp_publication_deb: "{{ stackhpc_pulp_publication_deb_development | selectattr('required') }}"
11+
pulp_publication_rpm: "{{ stackhpc_pulp_publication_rpm_development | selectattr('required') }}"
1112

1213
- import_role:
1314
name: stackhpc.pulp.pulp_distribution
1415
vars:
15-
pulp_distribution_rpm: "{{ stackhpc_pulp_distribution_rpm_development }}"
16+
pulp_distribution_deb: "{{ stackhpc_pulp_distribution_deb_development | selectattr('required') }}"
17+
pulp_distribution_rpm: "{{ stackhpc_pulp_distribution_rpm_development | selectattr('required') }}"

etc/kayobe/ansible/pulp-repo-sync.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,4 +7,5 @@
77
name: stackhpc.pulp.pulp_repository
88
# NOTE: use intermediate variable to avoid syncing containers.
99
vars:
10-
pulp_repository_rpm_repos: "{{ stackhpc_pulp_repository_rpm_repos }}"
10+
pulp_repository_deb_repos: "{{ stackhpc_pulp_repository_deb_repos | selectattr('required') }}"
11+
pulp_repository_rpm_repos: "{{ stackhpc_pulp_repository_rpm_repos | selectattr('required') }}"
Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
---
2+
# Currently the pulp_deb plugin in Pulp does not support certain types of
3+
# content, including i18n files and command-not-found indices. This breaks APT
4+
# when the command-not-found is installed. This playbook can be used to
5+
# uninstall the package, prior to running any other APT commands. It may be
6+
# installed as a hook to the 'host configure' commands.
7+
# See https://github.com/pulp/pulp_deb/issues/419
8+
# FIXME: If used as a hook, this playbook matches all hosts, so will run
9+
# against the seed, even when running 'overcloud host configure'. Depending on
10+
# the stage of deployment, some hosts may be unreachable. This could be fixed
11+
# by implementing this playbook separately for each group.
12+
- name: Purge command-not-found package
13+
hosts: seed-hypervisor:seed:overcloud:infra-vms
14+
gather_facts: false
15+
vars:
16+
ansible_user: "{{ bootstrap_user }}"
17+
# We can't assume that a virtualenv exists at this point, so use the system
18+
# python interpreter.
19+
ansible_python_interpreter: /usr/bin/python3
20+
# Work around no known_hosts entry on first boot.
21+
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
22+
tasks:
23+
- name: Purge command-not-found package
24+
package:
25+
name:
26+
- command-not-found
27+
- python3-command-not-found
28+
purge: true
29+
state: absent
30+
become: true
31+
failed_when: false
32+
ignore_unreachable: true
33+
when: ansible_facts.os_family == "Debian"

etc/kayobe/apt.yml

Lines changed: 24 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -17,16 +17,23 @@
1717
# * filename: name of a file in /etc/apt/apt.conf.d/ in which to write the
1818
# configuration
1919
# Default is an empty list.
20-
#apt_config:
20+
apt_config:
21+
# NOTE: Currently the Pulp verbatim publisher does not sync translation
22+
# files, which results in apt update failing. Disable translations until this
23+
# is resolved.
24+
- content: |
25+
Acquire::Languages "none";
26+
filename: 99no-languages
2127
2228
# List of apt keys. Each item is a dict containing the following keys:
2329
# * url: URL of key
24-
# * filename: Name of a file in which to store the downloaded key. The
25-
# extension should be '.asc' for ASCII-armoured keys, or '.gpg' otherwise.
30+
# * filename: Name of a file in which to store the downloaded key
2631
# Default is an empty list.
27-
#apt_keys:
32+
apt_keys:
33+
- url: "https://download.docker.com/linux/ubuntu/gpg"
34+
filename: docker.asc
2835

29-
# A list of Apt repositories. Each item is a dict with the following keys:
36+
# A list of Apt repositories.
3037
# * types: whitespace-separated list of repository types, e.g. deb or deb-src
3138
# (optional, default is 'deb')
3239
# * url: URL of the repository
@@ -39,12 +46,22 @@
3946
# * architecture: whitespace-separated list of architectures that will be used
4047
# (optional, default is unset)
4148
# Default is an empty list.
42-
#apt_repositories:
49+
apt_repositories:
50+
- url: "{{ stackhpc_repo_ubuntu_focal_url }}"
51+
suites: "{{ ansible_facts.distribution_release }} {{ ansible_facts.distribution_release }}-updates {{ ansible_facts.distribution_release }}-backports"
52+
components: main restricted universe multiverse
53+
- url: "{{ stackhpc_repo_ubuntu_focal_security_url }}"
54+
suites: "{{ ansible_facts.distribution_release }}-security"
55+
components: main restricted universe multiverse
56+
- url: "{{ stackhpc_repo_docker_ce_ubuntu_url }}"
57+
suites: "{{ ansible_facts.distribution_release }}"
58+
components: stable
59+
signed_by: docker.asc
4360

4461
# Whether to disable repositories in /etc/apt/sources.list. This may be used
4562
# when replacing the distribution repositories via apt_repositories.
4663
# Default is false.
47-
#apt_disable_sources_list:
64+
apt_disable_sources_list: true
4865

4966
###############################################################################
5067
# Dummy variable to allow Ansible to accept this file.
Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
---
2+
- name: Ensure /srv/docker/squid directory exists
3+
file:
4+
path: /srv/docker/squid
5+
state: directory
6+
mode: 0755
7+
become: true
8+
9+
- name: Copy modified squid.conf
10+
copy:
11+
src: "{{ kayobe_config_path }}/containers/squid_proxy/squid.conf"
12+
dest: /srv/docker/squid/
13+
mode: 0644
14+
become: true
Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,75 @@
1+
#
2+
# Recommended minimum configuration:
3+
#
4+
5+
# Example rule allowing access from your local networks.
6+
# Adapt to list your (internal) IP networks from where browsing
7+
# should be allowed
8+
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
9+
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
10+
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
11+
acl localnet src fc00::/7 # RFC 4193 local private network range
12+
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
13+
14+
acl SSL_ports port 443
15+
acl Safe_ports port 80 # http
16+
acl Safe_ports port 21 # ftp
17+
acl Safe_ports port 443 # https
18+
acl Safe_ports port 70 # gopher
19+
acl Safe_ports port 210 # wais
20+
acl Safe_ports port 1025-65535 # unregistered ports
21+
acl Safe_ports port 280 # http-mgmt
22+
acl Safe_ports port 488 # gss-http
23+
acl Safe_ports port 591 # filemaker
24+
acl Safe_ports port 777 # multiling http
25+
acl CONNECT method CONNECT
26+
27+
#
28+
# Recommended minimum Access Permission configuration:
29+
#
30+
# Deny requests to certain unsafe ports
31+
http_access deny !Safe_ports
32+
33+
# Deny CONNECT to other than secure SSL ports
34+
http_access deny CONNECT !SSL_ports
35+
36+
# Only allow cachemgr access from localhost
37+
http_access allow localhost manager
38+
http_access deny manager
39+
40+
# We strongly recommend the following be uncommented to protect innocent
41+
# web applications running on the proxy server who think the only
42+
# one who can access services on "localhost" is a local user
43+
#http_access deny to_localhost
44+
45+
#
46+
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
47+
#
48+
49+
# Example rule allowing access from your local networks.
50+
# Adapt localnet in the ACL section to list your (internal) IP networks
51+
# from where browsing should be allowed
52+
http_access allow localnet
53+
http_access allow localhost
54+
55+
# And finally deny all other access to this proxy
56+
http_access deny all
57+
58+
# Squid normally listens to port 3128
59+
http_port 3128
60+
61+
# Uncomment and adjust the following to add a disk cache directory.
62+
cache_dir ufs /var/spool/squid 4096 16 256
63+
cache_mem 768 MB
64+
maximum_object_size_in_memory 64 MB
65+
66+
# Leave coredumps in the first cache dir
67+
coredump_dir /var/spool/squid
68+
69+
#
70+
# Add any of your own refresh_pattern entries above these.
71+
#
72+
refresh_pattern ^ftp: 1440 20% 10080
73+
refresh_pattern ^gopher: 1440 0% 1440
74+
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
75+
refresh_pattern . 0 20% 4320

etc/kayobe/environments/ci-aio/stackhpc-ci.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,11 @@ stackhpc_repo_mariadb_10_5_centos8_version: "{{ stackhpc_pulp_repo_mariadb_10_5_
4444
stackhpc_repo_rabbitmq_erlang_version: "{{ stackhpc_pulp_repo_rabbitmq_erlang_version }}"
4545
stackhpc_repo_rabbitmq_server_version: "{{ stackhpc_pulp_repo_rabbitmq_server_version }}"
4646
stackhpc_repo_treasuredata_4_version: "{{ stackhpc_pulp_repo_treasuredata_4_version }}"
47+
stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}"
48+
stackhpc_repo_ubuntu_focal_version: "{{ stackhpc_pulp_repo_ubuntu_focal_version }}"
49+
stackhpc_repo_ubuntu_focal_security_version: "{{ stackhpc_pulp_repo_ubuntu_focal_security_version }}"
50+
stackhpc_repo_docker_ce_ubuntu_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_version }}"
51+
4752

4853
# Host and port of container registry.
4954
# Push built images to the development Pulp service registry.

etc/kayobe/environments/ci-builder/stackhpc-ci.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,10 @@ stackhpc_repo_mariadb_10_5_centos8_version: "{{ stackhpc_pulp_repo_mariadb_10_5_
6363
stackhpc_repo_rabbitmq_erlang_version: "{{ stackhpc_pulp_repo_rabbitmq_erlang_version }}"
6464
stackhpc_repo_rabbitmq_server_version: "{{ stackhpc_pulp_repo_rabbitmq_server_version }}"
6565
stackhpc_repo_treasuredata_4_version: "{{ stackhpc_pulp_repo_treasuredata_4_version }}"
66+
stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}"
67+
stackhpc_repo_ubuntu_focal_version: "{{ stackhpc_pulp_repo_ubuntu_focal_version }}"
68+
stackhpc_repo_ubuntu_focal_security_version: "{{ stackhpc_pulp_repo_ubuntu_focal_security_version }}"
69+
stackhpc_repo_docker_ce_ubuntu_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_version }}"
6670

6771
# Host and port of container registry.
6872
# Push built images to the Ark registry.

0 commit comments

Comments
 (0)