With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Ic97b301d704d3bc19142315a69724c05f3cad875
By overriding the variable `blazar_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the blazar backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Ic784cb180ff4cbc81c230b0a3a62015a71ea3f99
This patch adds uWSGI support to os_blazar role. All openstack services
should stay behind uWSGI.
It's also required for upcoming TLS backend feature. Blazar does not
have native TLS support so it needs to be handled by uWSGI.
Change-Id: I65511de4d5014a28f0f91536f9dbaf96fcb8e7a2
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I3a1c2d87a39eaf342411f3b607bc909f924944cb
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: Ibd7e65b25fca496a6393692c6952c9604430ec92
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: I8abcf60dcc8a264c221de89ff01906edf3ce8a39
We implement `blazar_policy_overrides` variable in order to allow
management of balazar policy files when needed.
Change-Id: I581a9c9659d3d023eb40cf2c6dfc2d01fa0a7464
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.
Change-Id: I6f1937c329292028e772fbe96d2466000726e4b7
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Change-Id: I731f05f07a92696292c1aa5bdde99089d34566a3
This patch refactors the openstack user/service/endpoints creation to
service_setup.yml which will eventually be managed by
openstack-ansible-tests.
Change-Id: I0af7cd2087a03b16c2f7ffd818cf5074c233e89a
This patch refactors the database creation to db_setup.yml which
will eventually be managed by openstack-ansible-tests.
This also re-orders the mq_setup to be done earlier so these system
M
level dependencies are ready before service activation.
Change-Id: Ibe6976b8f7ee56d74c2caf316ae5628e1926ef09
The variables blazar_developer_mode and blazar_venv_download
no longer carry any meaning. This review changes blazar to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.
As part of this, we move the source build out of its own file
because it's now a single task to include the venv build role.
This is just to make it easier to follow the code.
It looks like the project now needs authentication for the root
of the host so we'll test for that instead of 204.
Change-Id: Id1dc8d378cb57d6ab2b59da76468a4a0859466b1
In order to enable the service setup host python interpreter to
be changed easily, we make it a variable. This will be useful
when someone sets the service setup host to be the utility
container, because we'll be able to set this var by default.
Change-Id: Id634d63517f891a97245e08b3965f387c49bb222
The functional test check the responsiveness of the Blazar API. A
return of 204 code from the API verifies the success.
Rest of the changes ensure compliance with all the standards required
to make the linter and docs tests pass.
Change-Id: I640877817ad1ae312436932af87ad15094616f12
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.
We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.
This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:
1. Replaces 'developer mode' with an equivalent mechanism
that uses the common role and is simpler to understand.
We will also simplify the provisioning of pip install
arguments when doing this.
Depends-On: https://review.openstack.org/598957
Change-Id: Ia84e9f0a7b7627182e4b10aa3fc4f0d708edfee8
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing features
or functionality. The intention of this change is to ensure uniformity and
reduce the maintenance burden on the community when sweeping changes are
needed.
Change-Id: Ife802766cefa8862f2b0e42f06c100b30d65edf8
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
In order to reduce the packages required to pip install on to the hosts,
we allow the service setup to be delegated to a specific host, defaulting
to the deploy host. We also switch as many tasks as possible to using the
built-in Ansible modules which make use of the shade library.
The 'virtualenv' package is now installed appropriately by the openstack_hosts
role, so there's no need to install it any more. The 'httplib2' package is a
legacy Ansible requirement for the get_url/get_uri module which is no longer
needed. The keystone client library is not required any more now that we're
using the upstream modules. As there are no required packages left, the task
to install them is also removed.
With the dependent patches, the openstack_openrc role is now executed once
on the designated host, so it is no longer required as a meta-dependency for
the role.
Change-Id: Ib41f12b837f73ea534c6a0f926a70f7a82d7a194
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.
This should fix it.
Change-Id: If24282ee9c81ee73e8861b62ecef6736d7c0b054
There is no record for why we implement the database creation outside
of the role in the playbook, when we could do it inside the role.
Implementing it inside the role allows us to reduce the quantity of
group_vars duplicated from the role, and allows us to better document
the required variables in the role. The delegation can still be done
as it is done in the playbook too.
In this patch we implement a new variable called 'blazar_db_setup_host'
which is used in the role to allow delegation of the database setup
task to any host, but defaults to the first member of the galera_all
host group. We also document the variable blazar_galera_address which
has been used for a long time, but never documented. A bunch of unused
variables have also been removed.
Change-Id: Id500e2b2a5b981609becc883edd3d166f70103f4
This introduces the most basic jobs for blazar, and makes
sure blazar passes lint tests.
This reverts commit a5b35ebf11,
effectively re-enabling zuul jobs, and adapts the role
to our latest standards (The lint tests were failing, as
the passwords were logged while setting up Blazar server)
Functional testing starts with -nv only. However, in this
commit we added the necessary `rabbitmq_all` group to
the infra1 group, to help further functional testing.
Co-Authored-By: Taseer Ahmed <taseer94@gmail.com>
Change-Id: Ic2560b53aebf69e4784ce56db6929fe010e6b11e
Dmitriy Rabotyagov