Commit Graph

230 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov 9b16df267a Add quorum queues support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.

In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.

Change-Id: I49f9a18430f4912fe3e2fda36da6ad2acf6dde35
2023-10-20 12:32:00 +00:00
Dmitriy Rabotyagov 101e63e17a Fix example playbook linters
Change-Id: I7c0a46811f109e8e043a6aad9114215ed3a3e5cb
2023-10-20 14:30:56 +02:00
Zuul 6b748386f4 Merge "Fix linters and metadata" 2023-08-22 17:31:58 +00:00
Dmitriy Rabotyagov f88e004698 Use proper galera port in configuration
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.

Change-Id: If34f937fe46cc3a2f181324c011fa9c9082d41ad
2023-07-31 15:15:15 +02:00
Dmitriy Rabotyagov fc0da79db5 Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I7163d2e68b1f0f97bd31d7734a99f74ed60b1bb5
2023-07-14 18:33:14 +02:00
Zuul 70821bf2e4 Merge "Add TLS support to masakari backends" 2023-05-03 14:18:28 +00:00
Damian Dabrowski 7db1e9724b Add TLS support to masakari backends
By overriding the variable `masakari_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the masakari backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I2ea927dbfd7c9164b0f4d5fb793164ce4ad17094
2023-04-29 18:42:16 +02:00
Dmitriy Rabotyagov 7582a27761 Drop apt_package_pinning from role requirements
We don't pin packages in masakari role, so dependency on
apt_package_pinning role can be safely removed.

Change-Id: Ife81410d59e8a646aab741bc1a5ef01784bf13b0
Related-Bug: #1979145
2023-04-13 21:32:23 +02:00
Dmitriy Rabotyagov ded4cca891 Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: I3f17e680d1bf9e6e34de6b611db2a484eabbded9
2023-04-10 16:22:19 +02:00
Erik Berg 0279305f3a Remove redundant vars line
This line has been here since the initial commit, but should already
be covered by the distribution_major_version line above.

Change-Id: If4f937f31f11e9b5c235dac6d8119bdc6905257c
2022-09-14 14:01:30 +02:00
Zuul 569baeb937 Merge "Support service tokens" 2022-06-18 11:11:46 +00:00
Dmitriy Rabotyagov 1ac273041b Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.

Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/845994
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/845894
Change-Id: I3db09c840b448c665c9f2a16c78fe0e0a38f158a
2022-06-15 18:50:21 +02:00
Dmitriy Rabotyagov e096ded631 Remove mention of haproxy-endpoints role
Role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/845994
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/845894
Change-Id: I1ea93fd9bdb456387fd2cd2c124e399486bda46e
2022-06-15 14:09:47 +00:00
Dmitriy Rabotyagov abb26f320e Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.


Change-Id: Ib85d59a879972de4f5771335f1772447f39d0219
2022-05-30 16:01:30 +02:00
Jonathan Rosser 1a44f7f29d Cleanup setup.py config
Change-Id: I91b356bd069a44929bb8941344255b5011af9187
2022-04-04 10:33:07 +01:00
Jonathan Rosser d9d1fc8b94 Remove legacy policy.json cleanup handler
Change-Id: Iec7ca7458c973048d3d6c9c1d4f27eb7bc9deb45
2022-02-02 04:18:13 -05:00
Zuul 08f8a76956 Merge "Use common service setup tasks from a collection rather than in-role" 2022-01-13 13:20:23 +00:00
Jonathan Rosser 961c07ebd8 Use common service setup tasks from a collection rather than in-role
Change-Id: I5bc0f6928b3b26ed4dbe13482a34bee6eb38c7ba
2022-01-12 17:27:16 +00:00
Jonathan Rosser 16f58914cd Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.

This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.

Change-Id: Id5beb6f4b7cafb1841cb2f1cb075cd04d911c456
2022-01-12 08:27:06 +00:00
OpenStack Proposal Bot 7497414d2d Updated from OpenStack Ansible Tests
Change-Id: I49fb240f9d95b0294c5136023678f20c5d904d57
2021-12-17 16:46:36 +00:00
OpenStack Proposal Bot 79aa3b0953 Updated from OpenStack Ansible Tests
Change-Id: I52acd1cd1598a81934c30a9f3ba14d84c6e2a0ce
2021-12-04 17:40:27 +00:00
Damian Dabrowski 859ca95e2c Database connection pooling improvements
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I02997d0537ac24bdd261b8bce8f4a2e34e1db74a
2021-12-03 11:41:10 +01:00
James Denton 2d5bedc1f1 Fix libvirt service name
This patch fixes an error encounter within the processmonitor. The
libvirt service name has been changed from libvirt-bin (doesn't exist)
to libvirtd. Tested on Ubuntu Server 20.04 (Focal).

Change-Id: I6f909cb0dec22db6b3ab05d2158ac6e0601f9ad3
2021-12-01 14:26:58 -06:00
Dmitriy Rabotyagov ce5c6d6da3 Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814



Change-Id: If9bed4699d5a7ab10b6a9779ae6fbde143b747b7
2021-11-30 15:17:20 +02:00
Dmitriy Rabotyagov 224b2cf396 Refactor galera_use_ssl behaviour
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.

Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.

[1] 78f0cf99e5/pymysql/connections.py (L267)

Change-Id: I933e1edbd4260e2bd61bcceec3ddad8aea85353c
2021-09-21 15:44:37 +03:00
likui 67fdd695ca Changed minversion in tox to 3.18.0
The patch bumps min version of tox to 3.18.0 in order to
replace tox's whitelist_externals by allowlist_externals option:
https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23

Change-Id: Ic318e3d89ba8f91fbe979da00e95a714678beae6
2021-07-03 21:57:12 +08:00
Zuul 1fe2df61d2 Merge "Use ansible_facts[] instead of fact variables" 2021-05-27 23:12:48 +00:00
Zuul 055eb191e5 Merge "Remove references to unsupported operating systems" 2021-05-26 11:08:27 +00:00
Dmitriy Rabotyagov ed61188567 Replace linters test with integarted one
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.


Change-Id: I0e6ded7eb4642e35ee88f4515aefec6c31f9937e
2021-05-21 15:53:02 +03:00
Zuul 0f98657941 Merge "Add variables for rabbitmq ssl configuration" 2021-05-18 14:31:00 +00:00
Jonathan Rosser 8884cbad52 Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: Ie827ed8b29b02fa268398be1c38b474a447d5c9d
2021-05-18 12:39:14 +00:00
Jonathan Rosser 9b4ac49fa9 Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7  are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible

Change-Id: Ia712d170740c748002aa44d921ade8750997f8f0
2021-05-18 12:39:00 +00:00
Jonathan Rosser db3d249f8b Add variables for rabbitmq ssl configuration
Change-Id: I4f19472f3552a07d97c7cd4219c020bbfbc82137
2021-05-17 11:24:09 +00:00
Zuul 088e4fba80 Merge "setup.cfg: Replace dashes with underscores" 2021-05-11 07:39:38 +00:00
Dmitriy Rabotyagov 4e26900819 Add masakari-introspectiveinstancemonitor support
Masakari has added introspectiveinstancemonitor for a while, however it
has not bee implemented in OSA.

Change-Id: I3ae31a3518f5580aadcd9935dda9f1bdabb6ae7e
2021-05-03 14:10:44 +03:00
Dmitriy Rabotyagov 146824fd05 Replace deprecated host param for monitors
Definition of the host parameter has been deprecated in favor
of the hostname, which by default set to socket.gethostname().

Since instancemonitor started using hostname param, it should equal
to the names compute has in `compute service list`

To make this change backportable, we explicitly replace parameter to
avoid confusion about missing parameter.

Change-Id: I21c7c8cc90cb10afcc224c7cfb9c8c628e5a308b
2021-05-03 14:07:11 +03:00
Dmitriy Rabotyagov f8a6ebd134 Allow to configure corosync ports
We add 2 extra variables, to make corosync port configurable along with
enablement of ipmi checks.

Change-Id: I970bdaad0af79599d8a7c8cf95f89d273eb791de
2021-05-03 13:41:58 +03:00
XinxinShen 5ec76a586c setup.cfg: Replace dashes with underscores
Setuptools v54.1.0 introduces a warning that the use of dash-separated
options in 'setup.cfg' will not be supported in a future version [1].
Get ahead of the issue by replacing the dashes with underscores. Without
this, we see 'UserWarning' messages like the following on new enough
versions of setuptools:

  UserWarning: Usage of dash-separated 'description-file' will not be
  supported in future versions. Please use the underscore name
  'description_file' instead

[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb

Change-Id: I04790eabe9680a5b2d19a3e721920e5c8f00aa9e
2021-04-28 11:19:11 +08:00
Zuul ab83972fde Merge "Updated from OpenStack Ansible Tests" 2021-04-19 13:37:27 +00:00
OpenStack Proposal Bot 9787383047 Updated from OpenStack Ansible Tests
Change-Id: Ibc9ca07880460151d198e66f1f47bb99976133cf
2021-04-19 09:58:44 +00:00
Kourosh Vivan 613ea6397d Fix masakari bind ip
Role default must use openstack bind address when provided, previous
behavior of masakari role was always bind 0.0.0.0

Change-Id: I813edb9ad9d054e1ca32f528b2e702d847cef023
2021-04-18 19:26:49 +02:00
Zuul ac4db5cd28 Merge "[goal] Deprecate the JSON formatted policy file" 2021-04-06 13:44:40 +00:00
Dmitriy Rabotyagov 08fbfade2a [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.

We make a separate task not to restart service when it's not needed.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I8c89b6d193f221faad4db9e1d0b0152f262b823b
2021-03-24 12:12:48 +00:00
OpenStack Proposal Bot 6ce414178b Updated from OpenStack Ansible Tests
Change-Id: Ib1ce8ba62d65122956ebfc1f7bbd276b075eb479
2021-03-22 08:47:45 +00:00
OpenStack Proposal Bot a9a288a6b2 Updated from OpenStack Ansible Tests
Change-Id: Ic288a2100b138bd41107c3ada6ec6c9d68cf8877
2021-03-12 22:19:44 +00:00
Jonathan Rosser 9dcf91047c Switch default virtualenv to python3
Change-Id: I6d5edd4fd8f3db0839fc1ce3cad8832730ece696
2021-03-10 08:55:58 +00:00
Zuul 0d76e90d10 Merge "[reno] Stop publishing release notes" 2021-01-26 18:19:53 +00:00
Jonathan Rosser 58a8b65e8c Move masakari pip packages from constraints to requirements
This is necessary to use the new pip resolver

Change-Id: Ibace1c10a3d66ca7f1084ee53f27819a659e1246
2021-01-25 10:11:22 +00:00
dmitriy 962172b58b [reno] Stop publishing release notes
Since we copy all release notes to the integrated repo there is not need
in publishing release notes for each repository. We should only verify their
validity and linting.


Change-Id: I54e19c08c879665c1ed55541942fe2951d63f862
2021-01-22 18:26:26 +02:00
Dmitriy Rabotyagov 2454228066 Use global service variables
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.

Change-Id: Ie526c3fed0d6a1c706d5ef17e9c1bcb38418e861
2021-01-08 17:39:08 +02:00