With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I7163d2e68b1f0f97bd31d7734a99f74ed60b1bb5
By overriding the variable `masakari_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the masakari backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I2ea927dbfd7c9164b0f4d5fb793164ce4ad17094
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I3f17e680d1bf9e6e34de6b611db2a484eabbded9
This line has been here since the initial commit, but should already
be covered by the distribution_major_version line above.
Change-Id: If4f937f31f11e9b5c235dac6d8119bdc6905257c
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: Id5beb6f4b7cafb1841cb2f1cb075cd04d911c456
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: If9bed4699d5a7ab10b6a9779ae6fbde143b747b7
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.
config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.
We make a separate task not to restart service when it's not needed.
[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: I8c89b6d193f221faad4db9e1d0b0152f262b823b
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.
Change-Id: Iadca3596f21f83bdb090c8bf45b323bf04154e92
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Change-Id: I3347e9a33beff2f0dc57c429acd973f20789912c
Make masakari respect set openstack_venv_python_executable
This also will create py3 venvs by default
Change-Id: I9d7abbeff0f68cad3b646cde270437c88554080c
This patch refactors the openstack user/service/endpoints creation to
service_setup.yml which will eventually be managed by
openstack-ansible-tests.
Change-Id: Id0d68668cdbf9c9e9c4738c8e1dd053586f6a5c0
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.
Change-Id: I4168cd484ef52cc7b47efdbcc26d3d3550d28654
This patch refactors the database creation to db_setup.yml which
will eventually be managed by openstack-ansible-tests.
This also re-orders the mq_setup to be done earlier so these system
level dependencies are ready before service activation.
Change-Id: I1fd7d4ba9ad34732d76f1ed7030155a26742f0c9
The variables masakari_developer_mode and masakari_venv_download
no longer carry any meaning. This review changes masakari to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.
We also change include_tasks to import_tasks and include_role
to import_role so that the tags in the python_venv_build role
will work.
Depends-On: https://review.openstack.org/#/c/647571/
Change-Id: I850ba83a8683be45988f2d9eafcc6a2e8ad4d8b2
Variable masakari_venv_pip_packages was renamed in order to exclude from
repo-build process, as it fails in case of Jinja inside *_pip_packages.
As this variable collects all other *_pip_packages lists, repo_build
will still have all mentioned packages, so it's safe to rename this var.
Change-Id: Ib33d7bc83f1428763f873e1155fd9e3eb4c937e4
In order to enable the service setup host python interpreter to
be changed easily, we make it a variable. This will be useful
when someone sets the service setup host to be the utility
container, because we'll be able to set this var by default.
Change-Id: I0f34a17274ec1abcb43efffcba196049b6161edb
With this change masakari-monitors will be installed on hosts
which are in group masakari-monitor (supposed to be nova compute hosts)
hostmonitor depends on pacemaker with corosync, which are implemented by
https://github.com/mit-scripts/ansible-pacemaker-corosync
Masakari api/engine config was simplified and unneccesary defaults
were removed from it.
Role now uses default ``systemd_service`` role for systemctl configuration
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Implements: blueprint masakari-ansible-plugin
Change-Id: I334877c0111a45d3f3a74e7f56931786f4301713
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.
We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.
This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:
1. Replaces 'developer mode' with an equivalent mechanism
that uses the common role and is simpler to understand.
We will also simplify the provisioning of pip install
arguments when doing this.
2. Simplifies the installation of optional pip packages.
Right now it's more complicated than it needs to be due
to us needing to keep the py_pkgs plugin working in the
integrated build.
Depends-On: https://review.openstack.org/598957
Change-Id: I676ddbb7028ad203e4ca3f3e1cee7ff1435d23a2
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
The use of 'include_tasks' and a loop of variables creates
a situation where a user is unable to use tags to scope the
inclusion of only the MQ tasks when running the playbooks.
The use-case this is important for is when the rabbitmq
containers are destroyed and rebuilt in order to resolve
an issue with them, and the user wishes to quickly recreate
all the vhosts/users.
Ansible's 'include_tasks' is a dynamic inclusion, and dynamic
inclusions are not included when using tags. The nice thing
about dynamic inclusions is that they completely skip all
tasks when the condition does not apply, cutting down deploy
time. However, given the use-case, we should rather take on
the extra deployment time.
This patch changes the dynamic inclusion to a static one,
adds a 'common-mq' tag to cover all MQ implementations,
and re-implements the 'common-rabbitmq' tag for the tasks
that relate to RabbitMQ specifically.
It also implements conditionals for each task set so that
the rpc/notify tasks can be skipped if a vhost/user is not
required for that purpose (eg: swift does not use RPC, and
most roles will not use notifications by default).
Depends-On: https://review.openstack.org/588191
Change-Id: Ib28d8d2d32f6a1fccd3f6f8cc4f9cd3f4c6ae5ef
The variable is not used consistently. We fix every reference
to '/var/log/masakari' to refer to masakari_log_dir instead.
We also simplify the task which creates it to work whether
there is a symlink there or not.
Co-Authored-By: Dmitriy R <dmitriy.r@sitevalley.com>
Change-Id: Ibf579b6655ddee5cfc8c32ad6a500b4dc85468a8
The variable is not used consistently. We fix every reference
to '/etc/masakari' to refer to masakari_etc_dir instead.
Co-Authored-By: Dmitriy R <dmitriy.r@sitevalley.com>
Change-Id: I48eac7ffa55717fc57d0287719edbd56bcf21fac