With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I9110294e492a501204c8e92448a2f2929781a509
By overriding the variable `manila_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the manila backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I38b95b73301d2210f64105c20f389c74498a5345
For backends creation we verify that API is reachable. With that on real
deployments we disable container we're running against on haproxy.
This results in task failure. To avoid that we add backends when
share/data services for manila. This is done in separate play when
all API backends should be enabled and functioning properly.
Change-Id: I6dcbae2896668f5fbb6f09bffc94cb6e90699e92
Closes-Bug: #1979209
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Ie5ebb4d68ed06cff26462dc55092fda8a9ad2f44
Role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.
Change-Id: Ia04bd0a729100ed3f0bade9185b0703ce903635f
Instead of running manilaclient on manila host, we're delegating
execution to service_setup_host. This reduce
complexity and remove some requirements for manila hosts.
With that we also replace usage of manilaclient
with openstackclient.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/845998
Change-Id: Ie04d9e1690e0f053e86e28e0bf1d6c3aa43774b0
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I4983e2e13eb3ec29b0417094cf66629ce0f89052
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I508c7aea34bb706b58fc69be8bfb6c06d50f2f40
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.
config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.
We make a separate task not to restart service when it's not needed.
CephFS Native hook has been removed since [2] as manila leverages MGR
now and doesn't require having directory in share.
Additionally bionic test is removed as we don't have Octopus infra
mirrors for it.
[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
[2] a830710939
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/791202
Change-Id: I7a1807e4b984e31cb6250132f35d4c27f0b69b0c
Move service to use uWSGI role instead of iternal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speedup
metal deployments as the same uwsgi environment will be used
across all services.
Change-Id: I946adf21b58e117508dcc470c0fb3e9c2565c26d
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.
Change-Id: I9dbb96df92711467aaa7676534adfd1f7013cb27
ceph_client role checks length of the `openstack_service_venv_bin` variable
to determine if libraries symlinking into venv should occur. So for
distro path this should be empty string as no symlinking should be done.
Change-Id: I6c46414fe773b85cea6d8e90d67450f712f96937
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Change-Id: I51f7612381c6b7180cc1af1f564196aa08b2ed15
When we don't use localhost as deploy host, we need to use
manila_service_setup_host_python_interpreter variable.
This variable give the correct python path (in a venv for example when
we use a utility container as a setup host)
Change-Id: I34070aad44cfcbb59773196b0f74c10225bc9124
Previously _manila_backends was set only in case manila-share and
manila-api are the same host, which is the case only for aio deployments
Now fact will be set in an appropriate way.
This also drops facts refresh task since it's not need since queens and
uses tempfile for creating temporary directory
Change-Id: Ie5f95b7e80cd7fd26ee1f25aedf938abff131623
The uwsgi role assumes that the keys used match the service names
and all of our other services follow this pattern so let's keep
it the same for this.
Change-Id: Id740ff6704bddad306f7470665717dd5c8674e82
This patch refactors the openstack user/service/endpoints creation to
service_setup.yml which will eventually be managed by
openstack-ansible-tests.
Change-Id: Ie7533f10054abe382e21bca875d084449ee3047d
Do not carry and maintain rootwrap and api files, since they are present
inside pip packages and deployed during installation.
This also adds deployment of rootwrap filters for manila-share nodes.
Change-Id: I41b680f5dcb5be92e3304c591d9a4705cf138a72
This patch changes condition when db_setup is launched
since it used non-existent key for retrieving host for execution.
Change-Id: I98fc2e4703cfec45da118958bf79a4bea70b5ff9
This patch refactors the database creation to db_setup.yml which
will eventually be managed by openstack-ansible-tests.
This also re-orders the mq_setup to be done earlier so these system
level dependencies are ready before service activation.
Change-Id: I6941e8f928dca35791b313caafe7dbf9202ed689
Dmitriy Rabotyagov