This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: I0f6ae74be36c0cb7a2270cfa1085c44e6dd4dc77
OSA playbooks only call this role once for all Ironic containers
(API and inspector). As a result, the wheel builds only happen
once. If the first host (which is responsible for wheel builds)
is an API container, these vars would prevent Ironic inspector
requirements being accounted for, and as such no matching
constraints will be generated.
When the venv is deployed to the Ironic inspector container,
the lack of constraints can cause dependencies which are too new
to be installed, causing the service to fail.
Alternatively this role could be called twice by the playbook
for differing container/host roles, but as inspector is expected
to be merged into ironic at some point this feels equally valid.
Change-Id: I3952a4e5514824381410d87ed6d535f13ec40498
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I1ab9664505068c20924370790322caa67cc6e022
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: Ia9d1164e1e38201244a062be95f936b314c5c56b
Enabling this driver type ensures that the no-console, no-raid
and no-inspect interfaces are enabled so that they can be later
configured on a per-node basis if required.
These interfaces are useful to have enabled at the same time as
driver specific interfaces such as idrac or ilo in order so that
managment of specific functions can be disabled if required.
Change-Id: I2904ba005e3fa18faf8ccf04661e206501fa4aa3
This patch enables the native raid driver implementation for each
of the hardware types defined in `ironic_driver_types`. If necessary
this can be overridden in ironic.conf using config overrides.
Change-Id: I28b39b391d307e0a4aa71e13337f646d872925ec
idrac is the legacy name of the WSMAN interface. It has
been deprecated in favor of idrac-wsman and may be removed
in a future release of the idrac hardware type driver.
Change-Id: I2bf70374ac761c6ddeb8fc0b838470c036b70541
This patch adds the `console` field to the ironic_driver_types
variable and then enables a set of console drivers in the ironic
config through the `enabled_console_interfaces` option.
If `ipmitool-socat` is one of the enabled drivers, then the socat
distro package is installed to support that.
Defaults are added for socat bind address and port range to
use.
[1] https://opendev.org/openstack/ironic/src/branch/master/doc/source/admin/upgrade-to-hardware-types.rst
Change-Id: I36dd1a0ec69e5702143a1a26bd5901fc88706e84
Ironic and inspector are extensible via the stevedore framework.
In order to add extra plugins to the ironic and inspector venvs
extra variables are needed to supply user defined lists of python
packages to install.
Change-Id: I656abb90827486bbb69bf0ccd7e990fd680f2c51
Swift requires CA path to be set either with OS_CACERT env var or with
simmilar flag passed to command.
Change-Id: I40e4a0ae0e702fdc9bfbb18dcc6ef1ea3f84926f
With ansible-core 2.13 it tries to substitude package resolution in apt
module.
However git-core is used in Debian as transitional name, but ansible
tries to select it and provide version, which is not correct behaviour.
But since git-core is not really valid anyway, we just replace it
to workaround ansible's imperfectness.
Change-Id: I37db2654b6bb5339373befc708b4318a8edb1db5
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I1d70c2c46fef6ffc0fcebe4b56a0ecdedc1d3298
Some paths are hardcoded to 'centos', when these are actually 'rocky'
on Rocky Linux installations. Use an ansible fact to obtain the correct
path.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/846224
Change-Id: Id6694d61d874a8542971075cb2377fb7f38bca96
This patchset adds support for deploying instances using UEFI baremetal
nodes. UEFI may replace Legacy BIOS mode in future Ironic releases. Tested
with Ubuntu Focal 20.04 LTS.
Change-Id: I0fa6234ec7321e1d69901175baeab4ddb08afc50
Since iSCSI deploy has been removed [1] we should also replace iscsi deploy with direct
since it's suggested deploy option.
[1] https://review.opendev.org/c/openstack/ironic/+/789382
Change-Id: I72f166b2fdd808b623e698f44c4d77747cc987bb
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: Ia73e88947f52a74d9c03a17a7b1201a6346b5ac3
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.
Depends-On: https://review.opendev.org/758953
Change-Id: Iab3194322e133282fcb71830f2b94e1279106ebd
This patchset adds support for iPXE, which can speed up baremetal
provisioning considerably due to the use of HTTP versus TFTP.
Change-Id: I8b49ae37a0380cd7a2191f050a52c85cc373026b
Certain deployment interfaces, like iscsi, in Ironic need the sgdisk
utility installed onto the conductor to manipulate partition
information. The responsible package is now installed
Change-Id: Iabbcb65b3253813ba3d01cd9a38d5984e867c4ae
Closes-Bug: #1871927
1. There was an issue with pip packages not being installed when
inspector_hosts is not defined.
2. The db_setup task failed when inspector_hosts not defined because of
the condition.
Change-Id: I0ccd782ffd54322896559e5a6218ff532f3cae03
This commit enables and configures the Ironic Inspector. This feature
allows for baremetal nodes to be introspected. This provides useful
information about an Ironic host. Such information includes harware
and mac addresses.
Depends-On: https://review.opendev.org/680553
Change-Id: I2ee09d9cc20f9b8e4430c55129cd8bac9435299d
The iscsi deployment interface requires the sgdisk binary to
zero/partition the shared block device.
This commits adds the package as dependency.
Change-Id: I948b9712bbc6921d0c43d54e23c30735905a0dc3
Move service to use uWSGI role instead of iternal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speedup
metal deployments as the same uwsgi environment will be used
across all services.
Change-Id: Ie79a7ba7d62504e9e81edbb386f8e52ce0a03074
This fixes the tftp service name on CentOS and makes sure that
the service is running on boot. It also makes sure that the
tftp_root is setup correctly for the default configuration
on CentOS.
Change-Id: I56944ea905b5ea908cf1e93d5ae1325e68788562
Ironic needs qemu-img in order to be able to convert images so this
commit adds it to the list of dependencies.
Change-Id: I429cffc8782c19fb2522520238ac356ab3c0a038
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.
Change-Id: Iaddb2c158a52d90025899d9bfa5576358bef92dd
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing
features or functionality. The intention of this change is to ensure
uniformity and reduce the maintenance burden on the community when
sweeping changes are needed. The exterior role is built to be OSA
compatible and may be pulled into tree should we deem it necessary.
Change-Id: I404639ae7ebd349d4a11fc5ce1ef3d2805833217
The patch fixing packages names missed the syslinux-common
package, which also doesn't exist [1]. This should fix it.
Next to that, the location of files to copy are incorrect.
This should fix it.
[1]: https://review.opendev.org/#/c/670040/
Change-Id: I812436bb156eeee15b5e494e86b23069be82f814
Without this patch, ironic would fail to install on CentOS, as
libffi-dev doesn't exist (and other packages have the same problem).
This should fix it.
Change-Id: I2a10ce390815962b55897ddc45da995e4e45f9c0
This patch adds the Debian jobs for this role to make sure
it's always passing as well as updates the meta to reflect
it's support of Debian accordingly.
Depends-On: I9a92b73c419a0dc1cca40dacfef75de61a61db94
Change-Id: Ie9e9857ce1bd8fe93e63f3be3a02793c648f688b
The variables ironic_developer_mode and ironic_venv_download
no longer carry any meaning. This review changes ironic to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.
As part of this, we move the source build out of its own file
because it's now a single task to include the venv build role.
This is just to make it easier to follow the code.
Change-Id: Id58a2bcc215abe4595b594c08be60ca2a1490205
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.
We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.
This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:
1. Replaces 'developer mode' with an equivalent mechanism
that uses the common role and is simpler to understand.
We will also simplify the provisioning of pip install
arguments when doing this.
2. Simplifies the installation of optional pip packages.
Right now it's more complicated than it needs to be due
to us needing to keep the py_pkgs plugin working in the
integrated build.
3. Deduplicates the distro package installs. Right now the
role installs the distro packages twice - just before
building the venv, and during the python_venv_build role
execution.
Depends-On: https://review.openstack.org/598957
Change-Id: I9c25b430bd7590131b50f36c697fcc24e1abaf64
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
The template would previously split strings so you'd get things like
enabled_hardware_types = p,x,e
Now we use jmespath to do the search of the lists/dicts for us.
Change-Id: I3f2f4550ed47b78c20d603d77124609c1ec2a63d
Removed unused variables when able and updated to the new ironic driver
definitions found here.
https://docs.openstack.org/ironic/latest/admin/upgrade-to-hardware-types.html
The intention is to support the drivers via profiles, so the table from
the above link was converted to a dictionary. This dictionary was used
as a source when combining / concatenating the various drivers for each
profile into a usable list. The standalone logic was simplified.
Change-Id: I19553af41b5e669386b855209c61235bf37371f2
Closes-Bug: 1758351
Zuul