Commit Graph

45 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov 54813d6be4 Enabled memcached usage for token caching
As of today blazar warns out on startup that using the in-process token
cache is deprecated for quite a while. In order to get rid of this warning
we add memcached configuration for keystone token.

Change-Id: Ibd80231bdb1dfe2e66e69c4538a2129c7f84c92f
2024-01-05 23:06:54 +01:00
Dmitriy Rabotyagov 21f304634e Add variable to define list of manager plugins
In order to be more flexible regarding required plugins, we implement a
new variable that will allow to set a list of enabled filters for blazar.

With that we also enable floatingip plugin that has been added to Blazar
a while ago.

Change-Id: Iaff9284eec3a57a6470afb5e912cad17970baa2f
2024-01-05 22:53:16 +01:00
Dmitriy Rabotyagov 06291ec0e6 Create required freepool aggregate
For normal functioning of Blazar reservation it expects a nova agregate exist
to be used for host reservation.

Thus, to make deployment more convenient for deployer we add fuctionality
of creating such aggregate.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/904786
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/878794
Change-Id: I7f56b8c8f2394d5fae1476441c8e2e2a5f07467c
2024-01-05 21:30:49 +00:00
Dmitriy Rabotyagov 676846b6a2 Fix Blazar authentication and endpoints definition
Closes-Bug: #2048048
Co-Authored-By: Alexey Rusetsky <fenuks@fenuks.ru>
Change-Id: I0dc54f1de1992b24cac7fcdc88d04daa2901cbc4
2024-01-05 21:13:07 +00:00
Dmitriy Rabotyagov 856b4401a1 Add quorum support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.

Change-Id: If9a9ee764dd41767aaa1285903eb3c21cc0da40c
2023-09-28 14:29:25 +00:00
Dmitriy Rabotyagov 9f6ea81c64 Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Ic97b301d704d3bc19142315a69724c05f3cad875
2023-07-13 16:41:33 +02:00
Damian Dabrowski 8b39e84ec1 Add TLS support to blazar backends
By overriding the variable `blazar_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the blazar backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Ic784cb180ff4cbc81c230b0a3a62015a71ea3f99
2023-04-29 18:35:56 +02:00
Damian Dabrowski c9d10f41fa Add uWSGI support to blazar
This patch adds uWSGI support to os_blazar role. All openstack services
should stay behind uWSGI.

It's also required for upcoming TLS backend feature. Blazar does not
have native TLS support so it needs to be handled by uWSGI.

Change-Id: I65511de4d5014a28f0f91536f9dbaf96fcb8e7a2
2023-04-24 12:48:23 +02:00
Damian Dabrowski c1418e167a Fix blazar_service_type
As described in [1], blazar_service_type should be set to 'reservation'.
Otherwise blazar CLI won't be able to find its endpoint.

[1] https://docs.openstack.org/blazar/latest/install/install-without-devstack.html

Change-Id: I01874c617e5da75010c54b64901c90a986468807
2023-04-17 20:16:41 +02:00
Dmitriy Rabotyagov 711160baea Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.

Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I3a1c2d87a39eaf342411f3b607bc909f924944cb
2022-06-15 17:43:49 +02:00
Damian Dabrowski 7e7b7347f7 Database connection pooling improvements
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: Ib4a0581c5bbe2b14abcd80f97ac2e36ec0dbf4b1
2021-12-03 11:40:31 +01:00
Dmitriy Rabotyagov 956c84d1a4 Refactor galera_use_ssl behaviour
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.

Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.

[1] 78f0cf99e5/pymysql/connections.py (L267)

Change-Id: I7042118a17d533c472f09bb2098bbc3c01195477
2021-09-21 11:14:02 +00:00
Jonathan Rosser 30c2316e6c Add variables for rabbitmq ssl configuration
Change-Id: I4ca1b85b67a6f6fd4f951c1cb3c256ec959e7ee4
2021-05-17 07:56:03 +00:00
Zuul 6e8ccf3f89 Merge "Allow to override blazar policy files" 2021-03-19 20:43:35 +00:00
Dmitriy Rabotyagov fcc6a1b6ea Allow to override blazar policy files
We implement `blazar_policy_overrides` variable in order to allow
management of balazar policy files when needed.

Change-Id: I581a9c9659d3d023eb40cf2c6dfc2d01fa0a7464
2021-03-16 16:44:37 +02:00
Jonathan Rosser e89bd175d5 Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: Ib92816da66e068fc119c55118f07873e5dba748a
2021-03-16 08:00:11 +00:00
Jonathan Rosser 746e9a4895 Move blazar pip packages from constraints to requirements
This is necessary to support the new pip resolver

Change-Id: I5ce52c9e5a39c376652cba7b13a1e0e50b784aa7
2021-01-25 08:50:21 +00:00
Dmitriy Rabotyagov b7a54b1849 Use global service variables
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.

Change-Id: Ifb25edf453f04594303d391c4e1dd245f6400c2b
2021-01-05 18:40:45 +02:00
Dmitriy Rabotyagov 509deba53e Use the utility host for db setup tasks
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.

Change-Id: I731f05f07a92696292c1aa5bdde99089d34566a3
2020-08-20 14:22:09 +00:00
Dmitriy Rabotyagov 18ed9c08cf Cleanup after repo_build and pip_install retirement
Change-Id: I7712cab306e2fbc74f7b8b958011e8435ad7be5e
2020-05-12 21:14:23 +03:00
Dmitriy Rabotyagov 4c4600c307 Replace git.openstack.org with opendev.org
This patch replaces git.openstack.org with opendev.org as redirection
from old path was enabled.
Also we change upper constraints url due to [1]

[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006478.html

Depends-On: https://review.opendev.org/693841/
Change-Id: I124f77a92a9d34a55c1c39f1e27cde49bb3bd7aa
2019-11-14 16:21:55 +00:00
Jonathan Rosser 71c82ac958 Add global override for service bind address
Change-Id: I07f76024faab924a63556fa13adf8dbb5ad45e01
2019-09-19 10:30:31 +01:00
Mohammed Naser 4b0a53b3a3 Update role for new source build process
The variables blazar_developer_mode and blazar_venv_download
no longer carry any meaning. This review changes blazar to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.

As part of this, we move the source build out of its own file
because it's now a single task to include the venv build role.
This is just to make it easier to follow the code.

It looks like the project now needs authentication for the root
of the host so we'll test for that instead of 204.

Change-Id: Id1dc8d378cb57d6ab2b59da76468a4a0859466b1
2019-03-28 13:53:48 -04:00
Jesse Pretorius cb561cc870 Enable overriding the service setup host python interpreter
In order to enable the service setup host python interpreter to
be changed easily, we make it a variable. This will be useful
when someone sets the service setup host to be the utility
container, because we'll be able to set this var by default.

Change-Id: Id634d63517f891a97245e08b3965f387c49bb222
2018-11-30 15:33:25 +00:00
Zuul fbef3a4c29 Merge "Update messaging notification configuration" 2018-11-10 10:08:48 +00:00
Zuul c4af5ccf9c Merge "Default MQ RPC/Notify credentials/vhosts to match" 2018-10-10 07:32:35 +00:00
Taseer 0500a7c256 Default MQ RPC/Notify credentials/vhosts to match
When the RPC and Notify service are the same, the credentials
must match - otherwise the tasks to create the user/password
will overwrite with each other.

If the two clusters are different, then the matching credentials
and vhost will not be a problem. However, if the deployer really
wishes to make sure they're different, then the vars can be
overridden.

Also, to ensure that the SSL value is consistently set in the
conf file, we apply the bool filter. We also use the 'notify'
SSL setting as the messaging system for Notifications is more
likely to remain rabbitmq in our default deployment with qrouterd
becoming the default for RPC messaging.

Change-Id: I48b1e9f10a32caba099493303518d9fee9fec7f1
Signed-off-by: Taseer <taseer94@gmail.com>
2018-10-09 18:42:46 +00:00
Jesse Pretorius 00c9fdc876 Add blazar_role_project_group var
In order for the repo build to correctly scope the package
building to the right inventory group, this variable is
needed.

Change-Id: Ie23e3c62e1d6b451422ad9c5514ffe29a53602b0
2018-10-09 12:13:15 +01:00
ZhijunWei 6703cf06dd Update messaging notification configuration
This patch add the conditional inclusion of the notification
section of the service configuration. This ensures that oslo.messaging
notifications use the correct transport for deployments that have
separate rpc and notify messaging backends. For example, if the
transport_url is not provided in the notification section of the
service configuration, the transport_url specified in the default
section will be used instead.

This patch conditionally selects the notifier driver. The noop
driver will be selected when notification publishing is disabled.
The messagingv2 driver is selected when notification publishing is
enabled.

Change-Id: I2b4c4a119fa300fb5b64eaaf947e3c688bdb6e84
Closes-Bug: #1794320
2018-09-27 02:17:07 +00:00
Taseer 3d2f1bf465 Add the MQ vhost/user creation and configuration
Change-Id: If92a53d9447c09e9a1388ca99b25380bb301b1bf
2018-09-24 12:35:47 +02:00
Jesse Pretorius fbfc27fdc7 Remove blazar_requirements_git_* vars
These vars aren't used, so we remove them.

Change-Id: I68ca3e73652e7d38c83692260c3fb4ee72c6681b
2018-09-08 13:59:17 +01:00
Taseer Ahmed 0ad0677d26 Fix functional tests for Blazar
The functional test check the responsiveness of the Blazar API. A
return of 204 code from the API verifies the success.

Rest of the changes ensure compliance with all the standards required
to make the linter and docs tests pass.

Change-Id: I640877817ad1ae312436932af87ad15094616f12
2018-09-04 18:38:34 +05:00
Jesse Pretorius 41910f2ab7 Use a common python build/install role
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.

We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.

This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:

1. Replaces 'developer mode' with an equivalent mechanism
   that uses the common role and is simpler to understand.
   We will also simplify the provisioning of pip install
   arguments when doing this.

Depends-On: https://review.openstack.org/598957
Change-Id: Ia84e9f0a7b7627182e4b10aa3fc4f0d708edfee8
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
2018-09-03 11:06:40 +00:00
Kevin Carter ed9e0d5399
Convert role to use a common systemd service role
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing features
or functionality. The intention of this change is to ensure uniformity and
reduce the maintenance burden on the community when sweeping changes are
needed.

Change-Id: Ife802766cefa8862f2b0e42f06c100b30d65edf8
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-07-31 14:56:47 -05:00
Jesse Pretorius c7bc980de3 Execute service setup against a delegated host using Ansible built-in modules
In order to reduce the packages required to pip install on to the hosts,
we allow the service setup to be delegated to a specific host, defaulting
to the deploy host. We also switch as many tasks as possible to using the
built-in Ansible modules which make use of the shade library.

The 'virtualenv' package is now installed appropriately by the openstack_hosts
role, so there's no need to install it any more. The 'httplib2' package is a
legacy Ansible requirement for the get_url/get_uri module which is no longer
needed. The keystone client library is not required any more now that we're
using the upstream modules. As there are no required packages left, the task
to install them is also removed.

With the dependent patches, the openstack_openrc role is now executed once
on the designated host, so it is no longer required as a meta-dependency for
the role.

Change-Id: Ib41f12b837f73ea534c6a0f926a70f7a82d7a194
2018-07-17 10:34:02 +01:00
Zuul aee7cf1392 Merge "Move database creation into role" 2018-06-28 19:40:33 +00:00
Jesse Pretorius 1976e84796 Move database creation into role
There is no record for why we implement the database creation outside
of the role in the playbook, when we could do it inside the role.

Implementing it inside the role allows us to reduce the quantity of
group_vars duplicated from the role, and allows us to better document
the required variables in the role. The delegation can still be done
as it is done in the playbook too.

In this patch we implement a new variable called 'blazar_db_setup_host'
which is used in the role to allow delegation of the database setup
task to any host, but defaults to the first member of the galera_all
host group. We also document the variable blazar_galera_address which
has been used for a long time, but never documented. A bunch of unused
variables have also been removed.

Change-Id: Id500e2b2a5b981609becc883edd3d166f70103f4
2018-06-12 20:00:15 +01:00
Kevin Carter e4fd203f19
Add packages required for osprofiler
The following packages are required in-order to run osprofiler.
these packages will provide deployers the ability to profile
a service on demand should they choose to enable the profile
functionality.

Change-Id: Ie33e8944c4be002f12f47916d26393cc43203f4f
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-06-11 22:57:19 -05:00
Taseer Ahmed 8c607abded Add blazar packages 2018-04-11 12:31:23 +05:00
Taseer Ahmed cc46742281 set pip package state 2018-02-19 13:58:40 +05:00
Taseer Ahmed ba78873d38 Update the service settings 2018-02-17 18:47:01 +05:00
Taseer Ahmed d17b8161aa update to the latest 2018-02-17 17:53:22 +05:00
Taseer Ahmed ad1142cc60 Filling in more content
Signed-off-by: Taseer Ahmed <taseer94@gmail.com>
2018-01-25 12:14:58 +05:00
Taseer Ahmed 8edd924e59 Fill in the content 2018-01-10 12:05:25 +05:00
Taseer Ahmed 6d3c5fb31c Outline the structure 2017-12-24 19:17:51 +05:00