With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I9110294e492a501204c8e92448a2f2929781a509
By overriding the variable `manila_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the manila backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I38b95b73301d2210f64105c20f389c74498a5345
This was introduced when the role was created using os_cinder as
a starting point [1], as has never been used in the manila role.
[1] f9bfb7f0bc
Change-Id: I57df438cd25efd30e0e437470fc34df8fea1317c
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Ie5ebb4d68ed06cff26462dc55092fda8a9ad2f44
Instead of running manilaclient on manila host, we're delegating
execution to service_setup_host. This reduce
complexity and remove some requirements for manila hosts.
With that we also replace usage of manilaclient
with openstackclient.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/845998
Change-Id: Ie04d9e1690e0f053e86e28e0bf1d6c3aa43774b0
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: I94b3f8ba5116cdfb94e9d0dc575bd7edb1d27b3c
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: If245cd3f12a919933d912205dd60f1e02f555f7c
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.
Change-Id: Ie2c30dcc3640361b91e602125e98996c897f0f06
Move service to use uWSGI role instead of iternal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speedup
metal deployments as the same uwsgi environment will be used
across all services.
Change-Id: I946adf21b58e117508dcc470c0fb3e9c2565c26d
Even the most modest 4C/8T system would run with the maximum 16 processes
due to the calculation being VCPU*2.
We devide amount of CPUs to number of threads for hyperthreaded CPUs
Change-Id: I40c292b7ba2f48a02ffe4c45d984ea7af6460f62
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Change-Id: I51f7612381c6b7180cc1af1f564196aa08b2ed15
This patch aims to add a prefix for memcached_server
on each role to give the ability for deployers to
override the location of memcached cluster. I.e users
wants to create a single memcached cluster with k8s
for each service.
We also add pymemcache based on [1]
[1] https://review.opendev.org/711429
Change-Id: I06993827240135365c83bbfd4a75712598a2310a
When we don't use localhost as deploy host, we need to use
manila_service_setup_host_python_interpreter variable.
This variable give the correct python path (in a venv for example when
we use a utility container as a setup host)
Change-Id: I34070aad44cfcbb59773196b0f74c10225bc9124
There are certain configuration values which are defaults and have
no purpose in being overwritten, users can use the overrides.
Also, some have been removed because they don't exist inside manila
anymore.
Change-Id: I1fada7b36fc0aae81f6adf5bc28035777e255eef
The uwsgi role assumes that the keys used match the service names
and all of our other services follow this pattern so let's keep
it the same for this.
Change-Id: Id740ff6704bddad306f7470665717dd5c8674e82
The config opt for manila's LVM driver:
"lvm_share_export_ip" has been deprecated in
favor of "lvm_share_export_ips" [1].
[1] Ib3594aa5d7751c829820fce830d87f6ceea6b049
Change-Id: I4e41279cd42a254fda3a200591bea2c44fecfb70
The developer mode no longer exists, therefore, we should remove
all references and we're already installing the distro devel
packages inside python_venv_build.
We were also referencing the wrong constraint variable, so this
fixes that as well.
Change-Id: Iaf2e848b80923718741c148f2a76d5a3efca53b1
This change updates manila so that it can function with cephfs.
While cephfs was assumed to work these changes solidify support
and tune up the role.
Change-Id: I4d95bfc15d09b7b7c0b997d7eab91509b0c63885
Signed-off-by: cloudnull <kevin@cloudnull.com>
Starting this new role as a copy of the os_cinder role due to the
similarities between the two openstack projects. This role will
deploy manila api, scheduler and share services on ubuntu with the
default local LVM backed NFS scenario.
Change-Id: Ibda073e5aaa6df3b254961d4aed3a8d5961f3432