Commit Graph

61 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov fc0da79db5 Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I7163d2e68b1f0f97bd31d7734a99f74ed60b1bb5
2023-07-14 18:33:14 +02:00
Damian Dabrowski 7db1e9724b Add TLS support to masakari backends
By overriding the variable `masakari_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the masakari backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I2ea927dbfd7c9164b0f4d5fb793164ce4ad17094
2023-04-29 18:42:16 +02:00
Dmitriy Rabotyagov ded4cca891 Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: I3f17e680d1bf9e6e34de6b611db2a484eabbded9
2023-04-10 16:22:19 +02:00
Erik Berg 0279305f3a Remove redundant vars line
This line has been here since the initial commit, but should already
be covered by the distribution_major_version line above.

Change-Id: If4f937f31f11e9b5c235dac6d8119bdc6905257c
2022-09-14 14:01:30 +02:00
Dmitriy Rabotyagov 1ac273041b Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.

Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/845994
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/845894
Change-Id: I3db09c840b448c665c9f2a16c78fe0e0a38f158a
2022-06-15 18:50:21 +02:00
Zuul 08f8a76956 Merge "Use common service setup tasks from a collection rather than in-role" 2022-01-13 13:20:23 +00:00
Jonathan Rosser 961c07ebd8 Use common service setup tasks from a collection rather than in-role
Change-Id: I5bc0f6928b3b26ed4dbe13482a34bee6eb38c7ba
2022-01-12 17:27:16 +00:00
Jonathan Rosser 16f58914cd Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.

This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.

Change-Id: Id5beb6f4b7cafb1841cb2f1cb075cd04d911c456
2022-01-12 08:27:06 +00:00
OpenStack Proposal Bot 79aa3b0953 Updated from OpenStack Ansible Tests
Change-Id: I52acd1cd1598a81934c30a9f3ba14d84c6e2a0ce
2021-12-04 17:40:27 +00:00
Dmitriy Rabotyagov ce5c6d6da3 Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814



Change-Id: If9bed4699d5a7ab10b6a9779ae6fbde143b747b7
2021-11-30 15:17:20 +02:00
Jonathan Rosser 8884cbad52 Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: Ie827ed8b29b02fa268398be1c38b474a447d5c9d
2021-05-18 12:39:14 +00:00
OpenStack Proposal Bot 9787383047 Updated from OpenStack Ansible Tests
Change-Id: Ibc9ca07880460151d198e66f1f47bb99976133cf
2021-04-19 09:58:44 +00:00
Dmitriy Rabotyagov 08fbfade2a [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.

We make a separate task not to restart service when it's not needed.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I8c89b6d193f221faad4db9e1d0b0152f262b823b
2021-03-24 12:12:48 +00:00
OpenStack Proposal Bot b09ba50595 Updated from OpenStack Ansible Tests
Change-Id: Ib1a7fc81b7b250fdc1e0033ee0e14195f763ea61
2020-10-19 09:20:20 +00:00
OpenStack Proposal Bot 4ee7d865f8 Updated from OpenStack Ansible Tests
Change-Id: I49d276b2d878a04a2ebcc2dec82333b2fc8e3a12
2020-10-01 14:30:54 +00:00
Dmitriy Rabotyagov 6c127934e9 Define condition for the first play host one time
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.

Change-Id: Iadca3596f21f83bdb090c8bf45b323bf04154e92
2020-09-16 13:50:31 +00:00
Dmitriy Rabotyagov 8374993aff Use the utility host for db setup tasks
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.

Change-Id: I3347e9a33beff2f0dc57c429acd973f20789912c
2020-08-20 18:34:36 +03:00
OpenStack Proposal Bot 6dcd13a988 Updated from OpenStack Ansible Tests
Change-Id: Id99c17840f56e7ff9508248c8ef19047449d1643
2020-08-12 11:33:53 +00:00
OpenStack Proposal Bot 398cb2b9a5 Updated from OpenStack Ansible Tests
Change-Id: I8ca8ea4dc76f7fe48f73a39e7337f26af3f75ffe
2020-06-08 19:55:38 +00:00
Dmitriy Rabotyagov 3f5f393d22 Use openstack_venv_python_executable
Make masakari respect set openstack_venv_python_executable
This also will create py3 venvs by default

Change-Id: I9d7abbeff0f68cad3b646cde270437c88554080c
2020-05-06 12:22:36 +03:00
OpenStack Proposal Bot bdd8997f11 Updated from OpenStack Ansible Tests
Change-Id: I786e4b155e7d4505a840c97821bf04c065438084
2019-09-04 15:15:48 +00:00
Dmitriy Rabotyagov be0a6d48b9 service_setup: refactor service setup to a single file
This patch refactors the openstack user/service/endpoints creation to
service_setup.yml which will eventually be managed by
openstack-ansible-tests.

Change-Id: Id0d68668cdbf9c9e9c4738c8e1dd053586f6a5c0
2019-08-07 19:11:20 +03:00
Dmitriy Rabotyagov 9d8a95d03a Use systemd-journald instead of log files
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.

Change-Id: I4168cd484ef52cc7b47efdbcc26d3d3550d28654
2019-07-17 16:30:20 +03:00
OpenStack Proposal Bot 76a5463bbe Updated from OpenStack Ansible Tests
Change-Id: I22a25f526ecbba18340eca330075269ce5b54698
2019-07-16 14:52:11 +00:00
OpenStack Proposal Bot 14dbc319bb Updated from OpenStack Ansible Tests
Change-Id: I485dbf24fbb69773c2bf9a9fa1e6328cf751ea8e
2019-06-18 18:16:07 +00:00
OpenStack Proposal Bot b45a1b91b5 Updated from OpenStack Ansible Tests
Change-Id: I29a8a46b06333ed63e179321aafa223661220dba
2019-06-11 22:18:24 +00:00
Guilherme Steinmüller e41bffedad db_setup: refactor database setup to a common file
This patch refactors the database creation to db_setup.yml which
will eventually be managed by openstack-ansible-tests.

This also re-orders the mq_setup to be done earlier so these system
level dependencies are ready before service activation.

Change-Id: I1fd7d4ba9ad34732d76f1ed7030155a26742f0c9
2019-06-04 03:13:08 +00:00
Zuul 70294569bb Merge "Drop private argument for include/import role" 2019-05-17 15:42:03 +00:00
Dmitriy Rabotjagov 74e952c394 Drop private argument for include/import role
Since ansible 2.8 dropped private argument is not supported anymore:
https://github.com/ansible/ansible/issues/45038

Change-Id: I372ba04d30f481a48b9a0d784bd72218385797ca
2019-05-17 11:38:02 +03:00
OpenStack Proposal Bot 238486ed4a Updated from OpenStack Ansible Tests
Change-Id: I6b9adfb3526cb441d5296c22e540a683000d2c79
2019-05-09 11:34:56 +00:00
OpenStack Proposal Bot 0bd773478b Updated from OpenStack Ansible Tests
Change-Id: I00909f3ef1fdfdbab0d8611bc9167673af333be5
2019-04-17 19:11:52 +00:00
OpenStack Proposal Bot 8a15c5744d Updated from OpenStack Ansible Tests
Change-Id: If9081b210511334b7a8382effbdc189e2e51eacb
2019-04-17 07:25:38 +00:00
OpenStack Proposal Bot 2bde761e57 Updated from OpenStack Ansible Tests
Change-Id: Ic483326e73945d90d7eab50ed51e7d4d24c98f1f
2019-04-13 20:22:50 +00:00
OpenStack Proposal Bot ccc247eaf4 Updated from OpenStack Ansible Tests
Change-Id: I0bd4f46b19820605c60266428150582b20fa437e
2019-04-01 13:19:02 +00:00
Dmitriy Rabotjagov a9c05684e9 Update role for new source build process
The variables masakari_developer_mode and masakari_venv_download
no longer carry any meaning. This review changes masakari to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.

We also change include_tasks to import_tasks and include_role
to import_role so that the tags in the python_venv_build role
will work.

Depends-On: https://review.openstack.org/#/c/647571/
Change-Id: I850ba83a8683be45988f2d9eafcc6a2e8ad4d8b2
2019-03-27 15:46:15 +02:00
Dmitriy Rabotjagov 4c7fb49c2b Rename masakari_venv_pip_packages to exclude from repo_build process
Variable masakari_venv_pip_packages was renamed in order to exclude from
repo-build process, as it fails in case of Jinja inside *_pip_packages.

As this variable collects all other *_pip_packages lists, repo_build
will still have all mentioned packages, so it's safe to rename this var.

Change-Id: Ib33d7bc83f1428763f873e1155fd9e3eb4c937e4
2019-03-21 20:16:40 +02:00
Jesse Pretorius 0ba806a9b5 Enable overriding the service setup host python interpreter
In order to enable the service setup host python interpreter to
be changed easily, we make it a variable. This will be useful
when someone sets the service setup host to be the utility
container, because we'll be able to set this var by default.

Change-Id: I0f34a17274ec1abcb43efffcba196049b6161edb
2018-11-30 16:23:24 +00:00
Dmitriy Rabotjagov d0e8674f92 Basic implementation of masakari-monitors
With this change masakari-monitors will be installed on hosts
which are in group masakari-monitor (supposed to be nova compute hosts)

hostmonitor depends on pacemaker with corosync, which are implemented by
https://github.com/mit-scripts/ansible-pacemaker-corosync

Masakari api/engine config was simplified and unneccesary defaults
were removed from it.

Role now uses default ``systemd_service`` role for systemctl configuration

Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Implements: blueprint masakari-ansible-plugin
Change-Id: I334877c0111a45d3f3a74e7f56931786f4301713
2018-11-06 19:46:53 +02:00
Zuul 528e94d7c8 Merge "Remove the static when use include_tasks feature" 2018-09-08 20:39:57 +00:00
zhulingjie 21cc85a5ea use include_tasks instead of include
include is marked as deprecated since ansible 2.4[0]

Switch to include_tasks or import_playbook as necessary

[0] https://docs.ansible.com/ansible/2.4/include_module.html#deprecated

Change-Id: I646c3a299981e2b3e155c0316a1abb03a8943c7e
2018-09-01 22:42:46 -04:00
Jesse Pretorius e5aaaef746 Use a common python build/install role
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.

We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.

This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:

1. Replaces 'developer mode' with an equivalent mechanism
   that uses the common role and is simpler to understand.
   We will also simplify the provisioning of pip install
   arguments when doing this.
2. Simplifies the installation of optional pip packages.
   Right now it's more complicated than it needs to be due
   to us needing to keep the py_pkgs plugin working in the
   integrated build.

Depends-On: https://review.openstack.org/598957
Change-Id: I676ddbb7028ad203e4ca3f3e1cee7ff1435d23a2
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
2018-09-03 12:00:42 +00:00
zhulingjie 1920a1c191 Remove the static when use include_tasks feature
Change-Id: I3b87d02b03ae3f6473f4b5ad8c5bc93f4cded321
2018-09-01 22:31:07 -04:00
OpenStack Proposal Bot 69040fe434 Updated from OpenStack Ansible Tests
Change-Id: Ifa7e6e3f359b357904a28cee0d8edcb7837b8c36
2018-08-20 10:49:04 +00:00
Zuul 846bfaa8ca Merge "use include_tasks instead of include" 2018-08-17 10:24:55 +00:00
OpenStack Proposal Bot 64d47f3010 Updated from OpenStack Ansible Tests
Change-Id: Ica8a5ed13675e824d138c8d0a631bc8360670de2
2018-08-15 13:41:18 +00:00
caoyuan 279609fe91 use include_tasks instead of include
include is marked as deprecated since ansible 2.4[0]

Switch to include_tasks or import_playbook as necessary

[0] https://docs.ansible.com/ansible/2.4/include_module.html#deprecated

Change-Id: Ic3f98a2237ecd69d90818b6de4647481ed434698
2018-08-15 16:57:00 +08:00
Zuul 19c82c942d Merge "Install optional packages after venv path update" 2018-08-09 06:09:44 +00:00
Jesse Pretorius 3fdf05e413 Allow tags to be used for MQ tasks
The use of 'include_tasks' and a loop of variables creates
a situation where a user is unable to use tags to scope the
inclusion of only the MQ tasks when running the playbooks.

The use-case this is important for is when the rabbitmq
containers are destroyed and rebuilt in order to resolve
an issue with them, and the user wishes to quickly recreate
all the vhosts/users.

Ansible's 'include_tasks' is a dynamic inclusion, and dynamic
inclusions are not included when using tags. The nice thing
about dynamic inclusions is that they completely skip all
tasks when the condition does not apply, cutting down deploy
time. However, given the use-case, we should rather take on
the extra deployment time.

This patch changes the dynamic inclusion to a static one,
adds a 'common-mq' tag to cover all MQ implementations,
and re-implements the 'common-rabbitmq' tag for the tasks
that relate to RabbitMQ specifically.

It also implements conditionals for each task set so that
the rpc/notify tasks can be skipped if a vhost/user is not
required for that purpose (eg: swift does not use RPC, and
most roles will not use notifications by default).

Depends-On: https://review.openstack.org/588191
Change-Id: Ib28d8d2d32f6a1fccd3f6f8cc4f9cd3f4c6ae5ef
2018-08-07 14:36:08 +01:00
Jesse Pretorius 0f82dd312f Use masakari_log_dir consistently
The variable is not used consistently. We fix every reference
to '/var/log/masakari' to refer to masakari_log_dir instead.

We also simplify the task which creates it to work whether
there is a symlink there or not.

Co-Authored-By: Dmitriy R <dmitriy.r@sitevalley.com>
Change-Id: Ibf579b6655ddee5cfc8c32ad6a500b4dc85468a8
2018-08-01 18:41:17 +00:00
Jesse Pretorius 6b3a4e9048 Use masakari_etc_dir consistently
The variable is not used consistently. We fix every reference
to '/etc/masakari' to refer to masakari_etc_dir instead.

Co-Authored-By: Dmitriy R <dmitriy.r@sitevalley.com>
Change-Id: I48eac7ffa55717fc57d0287719edbd56bcf21fac
2018-08-01 18:41:08 +00:00