While we assume that glance_additional_stores can be a list of mappings
for multistore glance support, a bunch of other logic in the role still treats
it as a simple list and makes verifications against it. So in case one
dares to override the variable according to our suggestion, they also need
to override a bunch of other things.
We change defaults for `glance_available_stores` variable and always
define it as a multistore list of mappings.
Then we introduce a variable `glance_available_store_types` that is a
list of types for each of configured storage.
Logic of how storages are defined in glance config is also changed now.
Storages won't be defined if there's no "default" record for them in
glance_available_stores.
For each new store that a deployer wants to provision, they can now pass
a `config` key for glance stores, rather than use config overrides.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/901041
Change-Id: I1416e0f6e3ed79abd10f468b52fc712d35a61bd2
At the moment glance_cinder_store.filters is distributed through
glance_store [1] package.
Moreover, for quite some time glance has migrated to using privsep [2]
so internally maintained filters are not up to date anymore.
[1] f3f5bdb45b/etc/glance/rootwrap.d/glance_cinder_store.filters
[2] c369ba013f
Related-Bug: #900930
Change-Id: Ie097a019f058bac123acf14f51253c272c56aca5
With the update of ansible-lint to version >=6.0.0 a lot of new
linters were added that are enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metadata to reflect the current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Ifb3711157e77d5c917d05e4a384dead2abe72a7c
In order to be able to use tags to run systemd_service role solely,
they must be applied properly when role is included.
Change-Id: I121167e87b7aa68a75af17cbde084de5b1961264
By overriding the variable `glance_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the glance backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I5a0302c2fcc73a869de5633b2332a3b53c99590e
We need to define _glance_available_stores outside glance role to
use it in haproxy service definition.
It's a good idea to make `_glance_available_stores` public by moving it
out of role variables to role defaults beforehand.
Change-Id: Ieb10a0e5c9faf72c6bea4c45f7e216469971a1f3
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I5a52c0de14ee3a6215edb64dbc3bd48512d57e2e
Closes-Bug: #2009029
This line was introduced by I65d8e66673f5372fe880680a035842ffcd775ac2
for centos-7 support, and should already be covered by the
distribution_major_version line above.
Change-Id: I8a2a93aa3ecbb01451e940b7e71e5ac5bf48b880
Role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.
Change-Id: I01225e479e22f3867e811055c8e5e87f644bf46e
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Ib7fd1a80affe0fa8c6b030fdbfdd60693f104cd6
Related-Bug: #1948456
When a default value has any concatenation, it tries to resolve variables
and always concatenates even when it's not needed.
With that we need to set defaults for the variables that are inside
defaults, otherwise even if the default is not needed, the task would fail on
the default being undefined.
Change-Id: I4f445f280a71173f1b72a3b37bd9d54ea5694ac2
Currently we have a bunch of limitations related to the format
of ``glance_nfs_client``. While the systemd_mount role is flexible enough
to allow mounting cephfs or s3fs, the variable format has weird assumptions
that we want to change for better flexibility.
Since keys of variable are changing, new name for it was picked to
reflect purpose of the variable better.
Change-Id: Ic0d91a3a873b4253255beac79becf01b4a304695
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: If4b1fe7ec14ffb03be79d29e9d21d9ab829cb4ec
Systemd mount role now takes care of creating mount destinations
so there is no reason to handle this manually.
In addition to that, if user/group were not provided explicitly to the
ones set for NFS export, role was failing with permission denied
during re-run
Change-Id: Ib158e14c6f296795bb1f6eabdcfc23b80cbcd871
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: Id4f43e11bb02733b90f8bdf49e86f7a37656c68f
ceph_client role checks length of the `openstack_service_venv_bin` variable
to determine if libraries symlinking into venv should occur. So for
distro path this should be empty string as no symlinking should be done.
Change-Id: I775d882382b06110358879034f735a8c6e73ec93
When we were migrating service to uwsgi usage, we clean forgot to
trigger uwsgi restart on service config change.
Change-Id: I4f230347a9c464244a6bac42e4234b627ca460ed
run_once can't be replaced with such condition since config files should
be put against all groups, and not only api one.
Change-Id: I345fcfbab0b7735ae671ff592c8549eb4dd53b02
We use the same condition, which defines against what host some "service"
tasks should run, several times. It's hard to keep it the same
across the role and ansible is spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks that we want to run
only against a single host, if they should run or not now.
Change-Id: Ida1d88be3ae8f52b6c467563a9b99a7f7d44c4c0
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Change-Id: I7da95890045b216ba8946616790b7cd33ef2db52
Glance-registry service has been removed in V cycle with [1]
We do all necessary cleanup to fully remove service deployment.
[1] https://review.opendev.org/738671/
Change-Id: I0b2e2e39040fd0daef04724f94a39f2d11e4d105
Glance has dropped default policy.json [1] which
was used by "smart sources". We are fixing this by setting content
to empty dict, that way the only content deployed will be the one
provided by overrides, so that won't change current behaviour.
Additionally `glance_policy_content` has been introduced, which
eventually is going to replace `glance_policy_overrides` in the future.
[1] dd1975bd3e
Change-Id: I3f365684542b390ea02c08ab56f76a447f65a814
glance_db_sync has no relation to common-db, and is an independent step
during glance configuration. The common-db tag should be applied only
to the common tasks.
Change-Id: I16df6895014f74f7e3d89489b10e91681511faa9
Update the ownership of the directory for the NFS mount point(s).
This patch could also stand as an improvement for future use.
Making the filesystem directory configurable, we are able to store
the image in the different directory (or in a new path) under
glance_system_user_home repo, which is able to be configured
dynamically, for instance, via deployment of a scenario.
Change-Id: I7403ac9bd85ea3ed149e13cb57c51039602f6ba1
Signed-off-by: Panagiotis Karalis <pkaralis@intracom-telecom.com>