Commit Graph

26 Commits

Author SHA1 Message Date
somayeh_hajiahmadi d44b25ebb8 use policy.yaml instead of policy.json due to latest change on gnocchi
check the config

Change-Id: Ie11f31e6e4a0ee64e6e191820ef9a00e72826a96
2023-11-28 09:08:32 +00:00
Damian Dabrowski e0e213efce Add TLS support to gnocchi backends
By overriding the variable `gnocchi_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the gnocchi backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Ie2c824052b0024d440b20febb34b6bde22f4fac2
2023-04-29 18:36:58 +02:00
Dmitriy Rabotyagov 8e875ef8ee Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: I0265fc94d795360f6dfbddee5398ee067ea0422b
2023-04-10 16:00:41 +02:00
Jonathan Rosser 24356495c3 Remove apache to uwsgi migration tasks and variables
Change-Id: Idaec9f48bb1c7aff926071979773bca97f9ef2b3
2022-02-02 07:14:12 -05:00
Dmitriy Rabotyagov b7a76fb341 Start using uWSGI role
Move service to use uWSGI role instead of iternal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speedup
metal deployments as the same uwsgi environment will be used
across all services.

Change-Id: Iec03bd79279e694678336880460bcb83f68d9780
2019-09-04 17:36:30 +03:00
Dmitriy Rabotyagov 57b88ebc65 Migrate gnocchi to use uWSGI
This patch moves gnocchi-api from usage of apache with mod_wsgi
to uWSGI, which means unification across another roles and
reduced maintenance costs

During migration period tasks that ensures apache won't listen
on gnocchi_service_port are present, but they are supposed to be removed
after train release.

Depends-On: https://review.opendev.org/671988
Change-Id: I06bbcb2f15108fc517742208ac5291719627ffe2
2019-07-25 22:47:29 +03:00
Dmitriy Rabotjagov f3eddb3d51 Convert systemd services to common role(s)
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing
features or functionality. The intention of this change is to ensure
uniformity and reduce the maintenance burden on the community when
sweeping changes are needed. The exterior role is built to be OSA
compatible and may be pulled into tree should we deem it necessary.

Change-Id: I54e3063d6e641a785377f9039641072f8001cf24
2019-02-16 22:30:01 +02:00
Jesse Pretorius 48aaa17291 Use a common python build/install role
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.

We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.

This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:

1. Replaces 'developer mode' with an equivalent mechanism
   that uses the common role and is simpler to understand.
   We will also simplify the provisioning of pip install
   arguments when doing this.
2. Simplifies the installation of optional pip packages.
   Right now it's more complicated than it needs to be due
   to us needing to keep the py_pkgs plugin working in the
   integrated build.

Depends-On: https://review.openstack.org/598957
Change-Id: I7a6acaa94265b21fb886a775c3b5b86a4142a905
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
2018-09-03 11:59:53 +00:00
zhulingjie 02df8a90cd Remove the unnecessary space
Change-Id: I1269db95c4c5228aa8b7028f7cab2e8f40a09815
2018-07-11 23:01:09 -04:00
Jean-Philippe Evrard 2949cae220 Fix usage of "|" for tests
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.

This should fix it.

Change-Id: I2f92ab5520fb2e9822fcd0bbc3382305066c5d21
2018-07-12 16:44:21 +02:00
Jimmy McCrory 89baf3fccd Use listen instead of chained notifiers
From Ansible 2.2 onwards, listen can be used for
handlers instead of chaining notifiers. The
handlers are then executed in the sequence
present in the handler file.

Change-Id: I97a794220f3f97b41a70be5484ff48230214fa20
2018-03-17 14:15:07 -07:00
Cuong Nguyen c3191951ce Use group_names to check a host belongs to group
Change-Id: I4cd82763a512a1cdc7f74bc621f9a9f15135e080
2017-12-01 10:08:53 +07:00
Jenkins 23103d0d36 Merge "Ensure that policy file has correct group/mode" 2017-05-24 23:46:06 +00:00
Jesse Pretorius 97f58f4c7b Use command instead of debug for handlers
Due to the debug message plugin the handler restart
messages show at the end of the playbook execution
which is a little confusing. Using debug also
requires setting changed_when to true which is a
little extra bit of code which we do not have to
carry.

Instead we use the command module which is simple,
works and less wordy.

Change-Id: I5d4573e5415365fcd493850192f90a46897d6534
2017-05-24 11:32:11 +01:00
Jesse Pretorius 305414cee1 Ensure that policy file has correct group/mode
When the policy file is copied from the templated
file to the active file, it loses its group/mode
settings. This patch ensures that they are properly
replicated during the copy.

Change-Id: I30a371cbfd247dfaccfd6367555bf5b732eef689
2017-05-23 23:41:35 +01:00
Jesse Pretorius ff7854c5a5 Perform an atomic policy file change
The policy.json file is currently read continually by the
services and is not only read on service start. We therefore
cannot template directly to the file read by the service
(if the service is already running) because the new policies
may not be valid until the service restarts. This is
particularly important during a major upgrade. We therefore
only put the policy file in place after the service restart.

This patch also tidies up the handlers and some of the install
tasks to simplify them and reduce the tasks/code a little.

Change-Id: Ib62c9b0c8d1081409b06c35d27421a28da22c796
2017-04-28 17:28:11 +01:00
Andy McCrae 6a0c568967 Remove Trusty support from os_gnocchi role
Change-Id: I69dca19fa565bc92974f5dec132228f798d9ce13
Implements: blueprint trusty-removal
2016-12-15 13:17:31 +00:00
Marc Gariepy 259cf1e634 Add CentOS support for os_gnocchi role
Depends-on: Id31fb15b352a160c8f5139ae70966055d93f7ce6
Change-Id: I540e8f08f3a8935b6a5af5a73f0a896ec8ec7a98
2016-12-07 14:27:36 +00:00
Travis Truman 46a58b7851 Disable gnocchi-api service when mod_wsgi is used
The *_services dict pattern present in other roles
has been adopted and systemd/upstart service enablement
of the gnocchi-api service is now directly tied to the
state of `gnocchi_use_mod_wsgi`.

Change-Id: Ibc15c37bbd5a1a70b0774a1184b5759e558a0efb
Closes-Bug: #1633205
2016-11-09 15:05:25 -05:00
Travis Truman a620c8cad0 Fix bare variables in with_items
Addresses the deprecation warning:

"[DEPRECATION WARNING]: Using bare variables is deprecated. Update your
playbooks so that the environment value uses the full variable syntax"

Change-Id: I5deacf1b77b622ac2e7d884d5af221602efbaf23
2016-08-24 15:17:56 -04:00
Steve Lewis aa328e6da4 Use pbr WSGI script to build gnocchi-api
Removes host and port from api section of config file template.
Also cleans up Ansible Lint warnings

Related-To: I2298f9cb94a684747f4b4dbc262cdcab7de49175
Change-Id: I56954df3d13b86cfcb4eb68e419ce13dfac2c051
2016-07-08 00:26:59 -07:00
Steve Lewis 1c85381b33 Fix up handler behaviors, when they are notified, gnocchi lib
In testing the playbook was erroring during policy setup due to the API not
being available yet when the play runs, on a re-run of the playbook the issue
is no longer repeatable. This is an attempt to improve the resilience of the
play on the first pass so that a rerun is not necessary.
2016-01-18 14:39:51 -08:00
Steve Lewis 02aab9480f Add support for API through Apache + mod_wsgi
Also adds a delay and more retries to policy setup in order to ensure that
step completes successfully since the API takes a moment to stop returning
Status 503s.
2016-01-15 10:32:57 -08:00
Steve Lewis b7b4e8c95b Fix copyright messages again 2015-12-03 09:54:04 -08:00
Steve Lewis d437d2934f Add restart handlers for services 2015-11-20 16:55:17 -08:00
Steve Lewis c2d25ad2aa Initial Commit 2015-11-20 15:37:39 -08:00