Commit Graph

158 Commits

Author SHA1 Message Date
somayeh_hajiahmadi d44b25ebb8 use policy.yaml instead of policy.json due to latest change on gnocchi
check the config

Change-Id: Ie11f31e6e4a0ee64e6e191820ef9a00e72826a96
2023-11-28 09:08:32 +00:00
Dmitriy Rabotyagov 6b298913bc Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/888517
Change-Id: Ib1a93dce0f64b6261af06956e3e1ee5472bede9c
2023-08-22 17:31:25 +00:00
Damian Dabrowski e0e213efce Add TLS support to gnocchi backends
By overriding the variable `gnocchi_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the gnocchi backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Ie2c824052b0024d440b20febb34b6bde22f4fac2
2023-04-29 18:36:58 +02:00
Erik Berg dd0c296120 Remove redundant vars line
This line was introduced by Ic1d3fc7089e80767ab59304642c8809d8a4e707f
to bring it in line with other OSA roles, but should already be
covered by the distribution_major_version line above.

Change-Id: Icdac9fabefe047895d446b0498897a15e8028738
2022-09-15 10:53:47 +02:00
Dmitriy Rabotyagov 6f3bcbe892 Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.

Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Iaed7f2b4a724aed0f4165e32f3d40aac9d74edd7
2022-06-17 14:10:25 +00:00
Marc Gariepy 72091b236b Use common service setup tasks from a collection rather than in-role
Change-Id: I55a5cf3e8b704c21f8b68862df5e1fce656b4b71
2022-05-05 09:01:35 -04:00
Jonathan Rosser 24356495c3 Remove apache to uwsgi migration tasks and variables
Change-Id: Idaec9f48bb1c7aff926071979773bca97f9ef2b3
2022-02-02 07:14:12 -05:00
Jonathan Rosser 41efa83237 Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.

This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.

Change-Id: Ia6f6e36fc34e382eb02ea59973ee0a6e8aec20b4
2022-01-12 08:34:38 +00:00
Dmitriy Rabotyagov 691921257f Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814



Change-Id: I5e9aac0216a7406fefe4bfe315bd914723c7e27c
2021-11-30 15:17:17 +02:00
Jonathan Herlin b9d2f805e3 Fix gnocchi multi-node when storage_driver is file
When gnocchi_storage_driver is file, run the db sync on all nodes.
But if gnocchi_storage_driver is other than file, run only on first node.

Closes-Bug: #1915618
Change-Id: I18a0ca9e32515194fbcf939bed53cdbef4de26f6
2021-11-10 17:44:55 +01:00
Dmitriy Rabotyagov b5c233cdad Use ceph_client symlinking process
This moves ceph_client include from the playbook
into the role itself to leverage libraries symlinking
inside venv and to align with other roles

Change-Id: I9f1339b0b592e18a227b9a53cad9ef4af7fa82c0
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible/+/769974
2021-04-22 08:04:26 +00:00
Jonathan Rosser 1111c69813 Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: I1c82172d17fb2852c48453b77ffc59f7b9eca528
2021-03-16 08:03:50 +00:00
Jonathan Rosser ce0fd21213 Provide different package lists for install and wheel build
Also install libxml2 into the target host.

Change-Id: Ie7eeb360c44d1d496bacb6e7f393ac4a90c0236b
Closes-Bug: 1857899
Related-Bug: 1915617
2021-03-03 10:09:57 +00:00
Dmitriy Rabotyagov 503b4d25cf Delete gnocchi_identity_setup
This file duplicates the purpose of the service_setup.yml
so we're running same set of tasks twice.

Change-Id: Ia0ee853b14cffd3082346e20bb021da24e3f2c40
2021-02-18 12:30:31 +00:00
Dmitriy Rabotyagov cfa854fd06 Use global service variables
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.

Change-Id: I022d52c39c706fd9f82b9efcdcdc589a2e971d24
2021-01-08 16:46:52 +02:00
OpenStack Proposal Bot 0d015850a3 Updated from OpenStack Ansible Tests
Change-Id: I8b8102da999ba06d1ab7039db029390726027380
2020-10-19 09:19:57 +00:00
OpenStack Proposal Bot c2f9675e0f Updated from OpenStack Ansible Tests
Change-Id: I61aac084c76c3deb7c8aa3b59021bbdd96801917
2020-10-13 08:02:04 +00:00
Jonathan Rosser 948374ddf0 Use the utility host for db setup tasks
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.

Depends-On: https://review.opendev.org/754718
Depends-On: https://review.opendev.org/755258
Change-Id: I5098673bdf84d1c2b13ca87e474a5c598260ae94
2020-10-05 07:17:15 +00:00
Dmitriy Rabotyagov acce40d693 Define condition for the first play host one time
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.

Change-Id: I69c08fd522c1c80356000b1cf2a48a9b63327b3c
2020-09-16 11:55:55 +00:00
Zuul c293c91eeb Merge "Updated from OpenStack Ansible Tests" 2020-08-25 15:47:01 +00:00
Zuul fdfd81ab2f Merge "Fix run task conditionals" 2020-08-25 02:53:35 +00:00
OpenStack Proposal Bot ea7c361ad1 Updated from OpenStack Ansible Tests
Change-Id: If0fe203485a42f7d1d0f6405e67284504dc0d8f8
2020-08-12 11:32:56 +00:00
Dmitriy Rabotyagov 4fb7413e57 Fix run task conditionals
Current conditionals didn't work correctly with running tasks with --limit

We should intersect with ansible_play_hosts to get tasks run for specific
host only (ie running with --limit)

Change-Id: I56e873114cf85b29233d50a866ee925615dba70b
2020-08-07 03:40:35 +00:00
Dmitriy Rabotyagov a72f6d3ac8 Flush handlers before doing db upgrade
DB upgrade should be run after service restart, as new config should
be applied for that (instead of the default one).

Change-Id: Idb3d5da2dc851fb57dd94d31136e43c34350e0cf
2020-07-29 18:26:10 +03:00
Zuul 54c680d527 Merge "Updated from OpenStack Ansible Tests" 2020-06-17 12:34:12 +00:00
OpenStack Proposal Bot 5172592ad1 Updated from OpenStack Ansible Tests
Change-Id: I641803642d52cab54d7b08e8abe7062a2af21a1b
2020-06-08 19:54:46 +00:00
Jonathan Rosser 4067c26542 Use ansible openstack collection
Depends-On: https://review.opendev.org/718431
Depends-On: https://review.opendev.org/718362
Change-Id: Ib6ccf4102ffc2fc659554e31e480b22b1bfa72d9
2020-05-20 12:39:50 +00:00
Dmitriy Rabotyagov 26637323d5 Fix rados linking for py3
This patch detects correct lib path of gnocchi and use it for symlink
destination

Change-Id: I7b88a053ac5d779bc53a32c1294e76e2233cdd9e
2020-05-04 06:46:43 +03:00
Jonathan Rosser 7ab0e460d1 Allow venv python interpreter to be overridden
Change-Id: Id0b00e8253b907da4f038316a056e7b1b28a2172
2019-09-11 09:59:38 +01:00
Zuul 9e5ec1f8d5 Merge "Start using uWSGI role" 2019-09-07 01:56:16 +00:00
OpenStack Proposal Bot a4b64f38a4 Updated from OpenStack Ansible Tests
Change-Id: I7ffbf584205b27d9e010cbba3b24902c866a0e37
2019-09-04 15:13:58 +00:00
Dmitriy Rabotyagov b7a76fb341 Start using uWSGI role
Move service to use uWSGI role instead of iternal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speedup
metal deployments as the same uwsgi environment will be used
across all services.

Change-Id: Iec03bd79279e694678336880460bcb83f68d9780
2019-09-04 17:36:30 +03:00
OpenStack Proposal Bot 6eaddb9daa Updated from OpenStack Ansible Tests
Change-Id: I2db6ad400d743615a18bcd533228e20d5402970a
2019-08-20 03:05:59 +00:00
Dmitriy Rabotjagov 17a2175bda service_setup: refactor service setup to a single file
This patch refactors the openstack user/service/endpoints creation to
service_setup.yml which will eventually be managed by
openstack-ansible-tests.

Change-Id: Ic126b9ad6fa4905514f356b98690e04965f4d93c
2019-07-30 11:36:55 +00:00
Dmitriy Rabotyagov 57b88ebc65 Migrate gnocchi to use uWSGI
This patch moves gnocchi-api from usage of apache with mod_wsgi
to uWSGI, which means unification across another roles and
reduced maintenance costs

During migration period tasks that ensures apache won't listen
on gnocchi_service_port are present, but they are supposed to be removed
after train release.

Depends-On: https://review.opendev.org/671988
Change-Id: I06bbcb2f15108fc517742208ac5291719627ffe2
2019-07-25 22:47:29 +03:00
Dmitriy Rabotyagov eb083ecf9f Use systemd-journald instead of log files
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.

Change-Id: I3f6a1cee0e98372881b015ebf06e405c79495fe1
2019-07-17 00:26:00 +03:00
Zuul 742f54953d Merge "Fix ansible_python_interpreter for identity setup" 2019-06-05 15:20:57 +00:00
Guilherme Steinmüller f8809b4cab db_setup: refactor database setup to a common file
This patch refactors the database creation to db_setup.yml which
will eventually be managed by openstack-ansible-tests.

This also re-orders the mq_setup to be done earlier so these system
level dependencies are ready before service activation.

Change-Id: Ibda9982a85b967dac091bdcd0e115b3c6333361b
2019-06-03 19:43:40 +00:00
Logan V e0f7727892 Fix ansible_python_interpreter for identity setup
I04e853fb582d7b39708a2fb6ed854b4e458f06d9 fixed this for
gnocchi_service_setup, but did not fix it in gnocchi_identity_setup.

Change-Id: Ic889b94c07d1479da8f7004fce21786e9fb77826
2019-05-22 10:36:11 -05:00
Dmitriy Rabotjagov d986ef18a9 Update role for new source build process
The variables gnocchi_developer_mode and gnocchi_venv_download
no longer carry any meaning. This review changes gnocchi to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.

We also change include_tasks to import_tasks so that the
tags in the python_venv_build role will work.

Change-Id: I6c43b8c9e627b9e10deda4d500da21eb29bb9206
2019-03-27 15:48:23 +02:00
Kevin Carter 1e9d2791ee Remove the private option from include_role
The private option on include role was never implemented and
will no longer be developed. This change removes the option
so ansible no longer raises a deprecation warning.

Change-Id: I419cdf1a38f6fc8431934b3fe112ffaf8776aaac
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2019-02-22 00:49:53 +00:00
Dmitriy Rabotjagov f3eddb3d51 Convert systemd services to common role(s)
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing
features or functionality. The intention of this change is to ensure
uniformity and reduce the maintenance burden on the community when
sweeping changes are needed. The exterior role is built to be OSA
compatible and may be pulled into tree should we deem it necessary.

Change-Id: I54e3063d6e641a785377f9039641072f8001cf24
2019-02-16 22:30:01 +02:00
Jesse Pretorius 83bac058ed Enable overriding the service setup host python interpreter
In order to enable the service setup host python interpreter to
be changed easily, we make it a variable. This will be useful
when someone sets the service setup host to be the utility
container, because we'll be able to set this var by default.

Change-Id: I04e853fb582d7b39708a2fb6ed854b4e458f06d9
2018-11-30 16:03:57 +00:00
ZhijunWei 1ccaa81bc7 use include_tasks instead of include
include is marked as deprecated since ansible 2.4[0]

Switch to include_tasks or import_playbook as necessary

[0] https://docs.ansible.com/ansible/2.4/include_module.html#deprecated

Change-Id: I9d70ec2b84cfb1ccd465e52c96addfadf248f3d1
2018-09-08 14:33:16 +00:00
Jesse Pretorius 48aaa17291 Use a common python build/install role
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.

We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.

This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:

1. Replaces 'developer mode' with an equivalent mechanism
   that uses the common role and is simpler to understand.
   We will also simplify the provisioning of pip install
   arguments when doing this.
2. Simplifies the installation of optional pip packages.
   Right now it's more complicated than it needs to be due
   to us needing to keep the py_pkgs plugin working in the
   integrated build.

Depends-On: https://review.openstack.org/598957
Change-Id: I7a6acaa94265b21fb886a775c3b5b86a4142a905
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
2018-09-03 11:59:53 +00:00
Jesse Pretorius ca0211a08b Upgrade pip/setuptools/wheel in role test venv
In the integrated build, the repo build process upgrades
pip/setuptools/wheel in the venv to our preferred pinned
version, but the role tests using developer mode does not.

Gnocchi, since 4.3.0 [1] requires setuptools > 30.3.0 -
but CentOS only has 28.8.0 when it builds the venv, so the
package install fails.

In this patch we create the venv, then upgrade pip,
setuptools and wheel, then install the keystone packages.

Doing this for all roles is impractical, but it will be
necessary to unblock patches from merging into this role
today. In the future when we use the python_venv_build role
we can do all this there instead of repeating this patch
across all the roles.

[1] 3f8a22a51b
Change-Id: Ibb5a068350b30f0d74ef26a55528527bd9e646a3
2018-08-27 21:06:33 +01:00
Jonathan Rosser c6044b15c1 Bring gather vars in line with other OSA roles
Change-Id: Ic1d3fc7089e80767ab59304642c8809d8a4e707f
2018-07-27 21:45:34 +01:00
Jean-Philippe Evrard 2949cae220 Fix usage of "|" for tests
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.

This should fix it.

Change-Id: I2f92ab5520fb2e9822fcd0bbc3382305066c5d21
2018-07-12 16:44:21 +02:00
Jesse Pretorius a8a34fe719 Execute service setup against a delegated host using Ansible built-in modules
In order to reduce the packages required to pip install on to the hosts,
we allow the service setup to be delegated to a specific host, defaulting
to the deploy host. We also switch as many tasks as possible to using the
built-in Ansible modules which make use of the shade library.

The 'virtualenv' package is now installed appropriately by the openstack_hosts
role, so there's no need to install it any more. The 'httplib2' package is a
legacy Ansible requirement for the get_url/get_uri module which is no longer
needed. The keystone client library is not required any more now that we're
using the upstream modules. As there are no required packages left, the task
to install them is also removed.

With the dependent patches, the openstack_openrc role is now executed once
on the designated host, so it is no longer required as a meta-dependency for
the role.

Depends-On: https://review.openstack.org/579233
Depends-On: https://review.openstack.org/579959
Change-Id: I4131312eea8c743e7803ccc622b7642c6082a4c8
2018-07-06 13:48:11 +00:00
Jesse Pretorius 2261aee6c1 Move database creation into role
There is no record for why we implement the database creation outside
of the role in the playbook, when we could do it inside the role.

Implementing it inside the role allows us to reduce the quantity of
group_vars duplicated from the role, and allows us to better document
the required variables in the role. The delegation can still be done
as it is done in the playbook too.

In this patch we implement a new variable called 'gnocchi_db_setup_host'
which is used in the role to allow delegation of the database setup
task to any host, but defaults to the first member of the galera_all
host group. We also document the variable gnocchi_galera_address which
has been used for a long time, but never documented.

Change-Id: Idff20080d825e5afd071cbc03055f96c920aff9d
2018-06-01 14:53:21 +01:00