This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Change-Id: I900f40d7db6c26356252a7be736c1b3bdc98cace
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I022c2ed5edb0acb80433a29172bd6617e994f30f
By overriding the variable `mistral_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the mistral backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Id9248e1618b9f2ad39a698c2ecf9c04e64cd119a
While running Mistral API service within uWSGI, Mistral's Cron
Triggers do not create Workflow Exectuions. This change would disable
Cron Triggers for all existing installations as running API service
within uWSGI stays enabled by default.
Change-Id: I25b622de40c02f3cc410070e04e2d5d0fd67abc9
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Ie34df51cc0284b23713a897c8bc9d4958a1fe385
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I6f71c588ccec56e37ec707fc7f9c29037fcd668f
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: Ic050f71a2e9a48e12e2549ffdf60223d2b0c601d
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.
Change-Id: I0b0fdd8f811af07f112d717879a77d05a36403ed
Even the most modest 4C/8T system would run with the maximum 16 processes
due to the calculation being VCPU*2.
We devide amount of CPUs to number of threads for hyperthreaded CPUs
Change-Id: Ifc6a975055559919f8e4234f315f1748ca4f5de0
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Change-Id: I133eee39903fd469ded423775af330f0eece9e43
This patch aims to add a prefix for memcached_server
on each role to give the ability for deployers to
override the location of memcached cluster. I.e users
wants to create a single memcached cluster with k8s
for each service.
We also add pymemcache based on [1]
[1] https://review.opendev.org/711429
Change-Id: Ieca2e8cd7959005f354412eb5a9f17b4363a5853
Move service to use uWSGI role instead of iternal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speedup
metal deployments as the same uwsgi environment will be used
across all services.
Change-Id: Ia1788a7a9ce80349440bedbb2a0fdeb2a7f9934a
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.
Change-Id: I61605b7820bb518fb809b01781f6d83f89487be8
The variable mistral_developer_mode and mistral_venv_download
no longer carry any meaning. This review changes mistral to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.
As part of this, we move the source build out of its own file
because it's now a single task to include the venv build role.
This is just to make it easier to follow the code.
Change-Id: Ibb0a20eeec763f2051c8577da5a91ddc5b9a9e62
We need this var to determine which host group
to check for members of before building the
pip packages required by this role.
Change-Id: I46b9836b2c97db2306060e0e7b665c9564907633
This role allows the installation of Mistral alongside running
all of the API tests.
Depends-On: I2e19efd5fdcb0bdbb3d1cd5ee44f20e4807ea537
Depends-On: Ie3d8fb921dfedff0852b630a0a0af17b97c1bffa
Change-Id: I2390533690cd2c4511a272cc0834e240bb554696
Dmitriy Rabotyagov