StarlingX

Remove hard-coding of nginx and cert-manager from Ansible

Bug #1886742 reported by Ghada Khalil
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Medium
Jerry Sun

Bug Description

Brief Description
-----------------
Currently Ansible has the cert-manager tarball version hard-coded in the following files:
https://review.opendev.org/#/c/730993/2/playbookconfig/src/playbooks/host_vars/bootstrap/default.yml
https://review.opendev.org/#/c/730993/2/playbookconfig/src/playbooks/roles/bootstrap/validate-config/vars/main.yml

This requires that every time a change is made in the cert-manager repo (which results in the tarball being upversioned) that a corresponding change in the above Ansible files is made as well. This has proven to be cumbersome. There were times that the Ansible change was forgotten resulting in a bootstrap failure and a red sanity.

This LP tracks an improvement to remove the hard-coding and update ansible to just apply the current version of the app at bootstrap time (not a specific version) since only one version is present at any given time.

Note: The nginx tarball is also hard-coded, but it is not auto-versioned as it doesn't have any helm plugins.

Severity
--------
Minor

Steps to Reproduce
------------------
N/A

Expected Behavior
------------------
N/A

Actual Behavior
----------------
N/A

Reproducibility
---------------
N/A

System Configuration
--------------------
any

Branch/Pull Time/Commit
-----------------------
any stx load since the introduction of cert-manager in stx.4.0

Last Pass
---------
N/A

Timestamp/Logs
--------------
Not Required

Test Activity
-------------
Code inspection

Workaround
----------
none

See original description
Ghada Khalil (gkhalil)
summary: - Ansible should not hard-code the cert-manager version
+ Ansible should not hard-code the nginx & cert-manager versions
description: updated
tags: added: stx.config
Ghada Khalil (gkhalil)
summary: - Ansible should not hard-code the nginx & cert-manager versions
+ Ansible should not hard-code the cert-manager version
description: updated
Ghada Khalil (gkhalil)
Changed in starlingx:
assignee: nobody → Jerry Sun (jerry-sun-u)
Eric MacDonald (rocksolidmtce)
Changed in starlingx:
assignee: Jerry Sun (jerry-sun-u) → Eric MacDonald (rocksolidmtce)
assignee: Eric MacDonald (rocksolidmtce) → nobody
Ghada Khalil (gkhalil)
Changed in starlingx:
assignee: nobody → Jerry Sun (jerry-sun-u)
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Medium
status: New → Triaged
tags: added: stx.5.0
Revision history for this message
Ghada Khalil (gkhalil) wrote :

stx.5.0 / medium priority - should be fixed to avoid the bootstrap issues encountered when the ansible hard-coded reference is not updated.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to ansible-playbooks (r/stx.4.0)

Fix proposed to branch: r/stx.4.0
Review: https://review.opendev.org/741248

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ansible-playbooks (r/stx.4.0)

Reviewed: https://review.opendev.org/741248
Committed: https://git.openstack.org/cgit/starlingx/ansible-playbooks/commit/?id=4ad990986d8177f838eba21c82303a34365d0e7a
Submitter: Zuul
Branch: r/stx.4.0

commit 4ad990986d8177f838eba21c82303a34365d0e7a
Author: Saul Wold <email address hidden>
Date: Wed Jul 15 08:27:36 2020 -0700

    Update cert-manager version in yml files

    This updates the cert-manager version for the 4.0 branching since the version
    was bumped in the cert-manager-armada-app repo when the .gitreview was added.

    Partial-bug: 1886742
    Change-Id: If705fef761c6e9cb35ba6d05ea1be132053f11fc
    Signed-off-by: Saul Wold <email address hidden>

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to ansible-playbooks (master)

Fix proposed to branch: master
Review: https://review.opendev.org/744716

Changed in starlingx:
status: Triaged → In Progress
Ghada Khalil (gkhalil)
summary: - Ansible should not hard-code the cert-manager version
+ Remove hard-coding of nginx and cert-manager from Ansible
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ansible-playbooks (master)

Reviewed: https://review.opendev.org/744716
Committed: https://git.openstack.org/cgit/starlingx/ansible-playbooks/commit/?id=a7c1f6fffb2748fda3876c445837fd70b18d05fa
Submitter: Zuul
Branch: master

commit a7c1f6fffb2748fda3876c445837fd70b18d05fa
Author: Jerry Sun <email address hidden>
Date: Tue Aug 4 09:56:40 2020 -0400

    Add required applications to applications list automatically

    We used to have a required applications list in ansible playbook. This
    is checked against the user specified overrides file to ensure entries
    for the required applications are present. This creates an issue when
    the required applications versions are changed. If the required
    applications list versions are not changed, bootstrap fails. This
    commit changes the behavior of the setup. There is no longer a
    required applications list with version numbers; the required
    applications versions will be automatically detected by searching for
    nginx and cert manager tarballs on the system. If the user overrides
    file does not contain entries for these applications, default entries
    with no overrides will be generated to keep things consistent with the
    old setup.

    Closes-bug: 1886742

    Change-Id: I66e6a1c1934df64988212a960bccba8efcc62bd6
    Signed-off-by: Jerry Sun <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.