Commit Graph

24 Commits

Author SHA1 Message Date
Damian Dabrowski 4b2134df19 Add TLS support to aodh backends
By overriding the variable `aodh_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the aodh backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Ibb4d7b465f07fff6c172b38aa647fd8d6a4fcd43
2023-04-29 18:35:33 +02:00
Dmitriy Rabotyagov ec2caff080 Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: Ic56d5d1bd1ead8fd6bb642913370fa206799256f
2023-04-10 15:29:52 +02:00
Jonathan Rosser b7ff1830da Remove policy.json cleanup handler
Change-Id: I331169ba48ff07d600c257a64db224517a5f36b9
2022-02-02 04:04:34 -05:00
Dmitriy Rabotyagov 705b782589 [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

We make a separate task not to restart service when it's not needed.

[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/781513
Change-Id: Ifd1190981a2c50b54efa129f60b0d4a0f448bb60
2021-05-05 19:15:53 +00:00
Jonathan Rosser 37efa0a469 Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: I83375d4d96fee13c21dc133dbf5a5b8ed64b826a
2021-03-16 07:58:51 +00:00
Dmitriy Rabotyagov 84aadded6a Trigger uwsgi restart
When we were migrating service to uwsgi usage, we clean forgot to
trigger uwsgi restart on service config change.

Change-Id: I267740e0a2c342e1ac3277a236d8a7f23830134b
2020-10-08 15:04:18 +03:00
Dmitriy Rabotyagov 91b2196646 Migrate aodh to use uWSGI role
This patch moves aodh-api from usage of apache with mod_wsgi
to uWSGI role, which means unification across another roles and
reduced maintenance costs

During migration period tasks that ensures apache won't listen
on panko_service_port are present, but they are supposed to be removed
after train release.

Depends-On: https://review.opendev.org/678025/
Change-Id: I9377d46b4b79f79dbf448b23c67ff21b80714b6c
2019-09-04 15:36:21 +03:00
Jesse Pretorius d460cf1e36 Use a common python build/install role
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.

We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.

This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:

1. Replaces 'developer mode' with an equivalent mechanism
   that uses the common role and is simpler to understand.
   We will also simplify the provisioning of pip install
   arguments when doing this.
2. Simplifies the installation of optional pip packages.
   Right now it's more complicated than it needs to be due
   to us needing to keep the py_pkgs plugin working in the
   integrated build.
3. Deduplicates the distro package installs. Right now the
   role installs the distro packages twice - just before
   building the venv, and during the python_venv_build role
   execution.

Depends-On: https://review.openstack.org/598957
Change-Id: I4cee1b0b7d5bc3fa53052dabe66e6acdb69afd18
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
2018-09-03 11:06:17 +00:00
melissaml 2ffd85c420 Remove the unnecessary space
Change-Id: I2bda27295c34b1e0fa3985e6d52e150126d474db
2018-08-27 20:56:30 +00:00
Jean-Philippe Evrard 3d332b1cc4 Fix usage of "|" for tests
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.

This should fix it.

Change-Id: I2d4fe0c03a5b273f3979e1b7cbacaa97d8972c5a
2018-07-12 16:59:29 +02:00
Jimmy McCrory e2117287b4 Use listen instead of chained notifiers
From Ansible 2.2 onwards, listen can be used for
handlers instead of chaining notifiers. The
handlers are then executed in the sequence
present in the handler file.

Change-Id: I34312074ed2ab298111831fb5e1640d6a7ec77f5
2018-03-17 14:10:45 -07:00
Andy McCrae 8dbed05af4 Standardize services list and package installation
This patch standardizes the package installation to pass a list rather
than "with_items".

Additionally, we can utilize a filtered_services list to ensure we only
attempt tasks against the relevant hosts rather than running through
tasks that would be skipped.

Change-Id: I2c5ad3c2773b890bf6689b8ff87871a4af2021a8
2018-02-20 20:04:17 +00:00
Jenkins 6e0cf4dcdf Merge "Ensure that policy file has correct group/mode" 2017-05-24 23:56:16 +00:00
Jesse Pretorius 1112796b54 Use command instead of debug for handlers
Due to the debug message plugin the handler restart
messages show at the end of the playbook execution
which is a little confusing. Using debug also
requires setting changed_when to true which is a
little extra bit of code which we do not have to
carry.

Instead we use the command module which is simple,
works and less wordy.

Change-Id: Ia7938f75c6c8bb03a61b5390f36a3f967556fbcf
2017-05-24 11:32:44 +01:00
Jesse Pretorius 20e5a6a9ab Ensure that policy file has correct group/mode
When the policy file is copied from the templated
file to the active file, it loses its group/mode
settings. This patch ensures that they are properly
replicated during the copy.

Change-Id: I4832a9c81c21cfea9bdd9375b13fab7fe5363701
2017-05-23 23:43:15 +01:00
Jesse Pretorius eb76491f7e Perform an atomic policy file change
The policy.json file is currently read continually by the
services and is not only read on service start. We therefore
cannot template directly to the file read by the service
(if the service is already running) because the new policies
may not be valid until the service restarts. This is
particularly important during a major upgrade. We therefore
only put the policy file in place after the service restart.

This patch also tidies up the handlers and some of the install
tasks to simplify them and reduce the tasks/code a little.

Change-Id: I98dc9b1e7d5d6ad54a19f0d5ebf0973580f58740
2017-04-28 16:06:10 +00:00
Cuong Nguyen 6972fe39dc Use systemd module instead of shell
Using ansible systemd module to daemon reload and service reload is the solution for the future.

Change-Id: Ied0b691aa84a353e451bda9f18149a144ef2f279
2017-01-24 09:57:33 +07:00
Andy McCrae 857b45ea97 Remove Trusty support from os_aodh role
Change-Id: Ia96cc93af5536ec5eb1810c020af769189ea63c4
Implements: blueprint trusty-removal
2016-12-15 13:15:24 +00:00
Marc Gariepy 9dc5cfa004 Add CentOS support for os_aodh role
Change-Id: Ifd79bde9aca936e59f901f9a5ecc6c1d38979408
2016-12-06 08:54:51 -05:00
Logan V f3a90de657 Fix linting issues for ansible-lint 3.4.1
Preparing this role for the ansible-lint version bump

Change-Id: Id39bc800eae6e45ce0d515ed47ab60e26728ff96
2016-11-02 02:40:30 +00:00
Jesse Pretorius 3b13d93a8b Use dictionary for service group mappings
Change the 'aodh_service_names' from a list to a dictionary mapping
of services, groups that install those services. This brings the
method into line with that used in the os_neutron role in order to
implement a more standardised method.

The init tasks have been updated to run once and loop through this
mapping rather than being included multiple times and re-run against
each host. This may potentially reduce role run times.

Currently the reload of upstart/systemd scripts may not happen if
only one script changes as the task uses a loop with only one result
register. This patch implements handlers to reload upstart/systemd
scripts to ensure that this happens when any one of the scripts
change.

The handler to reload the services now only tries to restart the
service if the host is in the group for the service according to the
service group mapping. This allows us to ensure that handler
failures are no longer ignored and that no execution time is wasted
trying to restart services which do not exist on the host.

Finally:
- Common variables shared by each service's template files have
  been updated to use the service namespaced variables.
- Unused handlers have been removed.
- Unused variables have been removed.

Change-Id: I729ae43faba2ebb04d8fda85c3f51b2136853ef9
2016-09-28 15:27:55 +00:00
Travis Truman dd4a64226e Serve the aodh-api using mod_wsgi
aodh upstream change Iefd6f4d9f76c69ed9b49483e1feda0b7dbe2cb81
moves from Werkzeug to WSGI so we should follow suit

Without this change, the aodh-api service fails to start at all.

Apache vhost config based on https://github.com/openstack/aodh/blob/master/etc/apache2/aodh

Change-Id: I2fb1eb984949a4457ae313cffec872a0bb425eab
2016-07-19 09:16:44 -04:00
Travis Truman 6ebc7b4f6d Address Ansible bare variable usage
When executing the role with Ansible 2.1, the following
deprecation warning is issued in the output for some tasks.

[DEPRECATION WARNING]: Using bare variables is deprecated.

This patch addresses the tasks to fix the behaviour appropriately.

Change-Id: I29969fba8fe4197bdff2d74194ac5714e22202a8
2016-06-15 12:18:53 -04:00
Miguel Alex Cantu 639c11f38b Seperated out Telemetry Alarming (Aodh)
The alarming function of Telemetry has been seperated out
by design. This patchset creates new containers for these
alarming services and deploys them accordingly.

See:
http://lists.openstack.org/pipermail/openstack-dev/2015-September/073897.html

DocImpact
UpgradeImpact
Implements: blueprint liberty-release
Change-Id: I25294a25afa76d4d8bddad0a51c48485f33a6d20
2015-10-15 11:20:53 +01:00