[TripleO] gate blocker - impacting all quickstart-based jobs - openstack-ansible-os_tempest

Marios Andreou marios at redhat.com
Mon Apr 4 06:35:39 UTC 2022


On Mon, Apr 4, 2022 at 9:27 AM Jiri Podivin <jpodivin at redhat.com> wrote:

> Full disclosure: I have only surface level understanding of how ansible
> galaxy actually works on the inside.
> My exposure to it is rather limited and it's possible that all of my
> concerns have perfectly valid responses I'm not aware of.
> Furthermore, I do believe that we could utilize ansible galaxy a bit more
> than we do.
>
> That being said, I do think that we should be cautious when changing the
> way we package and deliver.
> Even if everything works out we are possibly setting ourselves up for a
> whole new set of possible problems we are unfamiliar with.
> Whether that is an acceptable risk or not is a question for a different
> avenue however.
>
>
In this particular case, we can get away with installing the ansible galaxy
collections because we have 'nested' ansible so something like zuul
(ansible) calling bash (tripleo-quickstart) calling ansible.  There are
other cases (zuul/ansible 'native', not nested) where we have to install
such dependencies as python utilities because of the security concerns
around allowing collections to be installed on the ansible controller (e.g.
see
http://lists.zuul-ci.org/pipermail/zuul-discuss/2021-November/001752.html).

In this case, we can do the installation of the required ansible bits
during the middle "bash" part of the workflow (as you can see in
https://review.opendev.org/c/openstack/tripleo-quickstart/+/836104).  There
are other cases where we can't (yet?)

regards, marios




> On Sun, Apr 3, 2022 at 7:10 PM Dmitriy Rabotyagov <noonedeadpunk at gmail.com>
> wrote:
>
>> Hey there!
>>
>> I have quick question - do you think it's valid approach to install
>> Ansible roles as python packages?
>> This smells sooooo fishy since ansible-galaxy is a thing along with
>> requirements.yml...
>>
>> So actual question is - do you have any plans on changing this approach
>> to more Ansible way anytime soon?
>>
>> пт, 1 апр. 2022 г., 8:19 Marios Andreou <marios at redhat.com>:
>>
>>> On Fri, Apr 1, 2022 at 12:14 AM Ronelle Landy <rlandy at redhat.com> wrote:
>>>
>>>> Hello All,
>>>>
>>>> We have a check/gate blocker on all TripleO quickstart-based jobs, as
>>>> described in:
>>>>
>>>> https://bugs.launchpad.net/tripleo/+bug/1967430
>>>>
>>>> [1] commit to openstack-ansible-os_tempest removed setup.py and
>>>> is causing failings in all quickstart jobs.
>>>>
>>>> A revert was proposed but will not be workable - we are waiting on
>>>> another fix.
>>>>
>>>> Please hold rechecks until this is resolved.
>>>>
>>>> [1]
>>>> https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/835969
>>>>
>>>>
>>>
>>> Unfortunately looks like the core group on that repo is empty [1]. I
>>> added some folks into CC here that merged the original patch. Folks can you
>>> please help us merge the fix at
>>> https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/836091
>>>
>>>
>>> TripleO gate is blocked until we
>>> merge ansible-role-python_venv_build/+/836091
>>>
>>>
>>> please help :D
>>>
>>>
>>> [1]
>>> https://review.opendev.org/admin/groups/3474fc86368161e5288be01295041a089a1060b3,members
>>>
>>>
>>>
>>>
>>>
>>>> Thank you!
>>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20220404/382341b5/attachment.htm>


More information about the openstack-discuss mailing list