With efforts to create a resources in same, unified way,
we convert tempest role to use openstack_resources
for creating and managing openstack resources, like projects, flavors,
networks, images, etc. This should reduce maintenance costs
in case of futher collection updates and unify approach.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/878794
Change-Id: I762ded9b6099ea55e8a19bfb82473b950155eaa4
We're checking if octavia_amp_availability_zone is defined, while the
variable is defined in defaults, so there is no clean way to undefine
the availability_zone except to use config overrides and define to
none.
So whe change condition in a way to allow empty value to be treated as
False which would result in availability_zone being undefined in the
config.
Change-Id: I86ffd71d6791dec700c381b695ab5a4bca8051a3
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Change-Id: I4781a0c23274b145970b3269e517c2a62497acc4
Amphora does report back it's status to Octavia healthmanager through
octavia_health_manager_port. This outgoing traffic from Amphora must be
allowed to show LB stats and operational_status.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: Ib6b8547b69949f7af0ba0f7f436b4286d3baccb7
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: I94cc61d88b0ec54bde01477e8fba35e341afffa2
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.
The patch will ensure that constraints are used an we should not face
simmilar issue again.
TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.
Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.
Change-Id: Ia704b63838c8730039e135eb38e170204d5a30e2
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: Id8215882ee528d4c3055479e770c7432616649ba
By overriding the variable `octavia_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the octavia backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Id6c187cad4e444fb83ca1f938bd13bb9b73652b3
Amphorav1 has been deprecated and is removed early at the
beginning of the 2023.2 cycle. With that Antelope is perfect time for
switching the default.
[1] 6c0515c988
Change-Id: I133f20a6d971832138708101e6a8380d23e75cf2
At the moment security group allows to access Amphora SSH/API
from any network which is insecure. We're changing default for
security groups to allow access only from Octavia Management
network.
Change-Id: I6ea6ab4ec1c28a3b354d40f6744434eefb05fcfe
In case it's needed to limit access to DHCP servers, rules must be
way more complex then this one, since DHCP uses broadcast.
To avoid complexity, let's just avoid defining remote_ip_prefix
that allows egress traffic for DHCP.
Change-Id: I280c064b4d93bcd78092f02a928d5d6dfb4fda68
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I4a3346c90825a4bf0b416943286696fa529f526d
With ansible-collection version 2.0 return of project_info module
has changed. We need to adopt usage of module return to the new format.
We also add security group rule for dhcp, since in case DHCP is enabled
for the network, it won't be provided in metadata on config-drive anymore.
Change-Id: I861797fdddbf2c82ef7b1409df577475e7424414
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I68231d7943454098b344fa51f75bdec7e2efa3ee
This line snuck in with I5cc0b1bde814abb0a4afe1567b9b23230a57f275
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: I7f719b3fbd7e89ce96b84c9080049888aeda7ee6
The `octavia_provider_network_mtu-parameter` defaults to 1500
to not accidentially use `global_physnet_mtu` on deployment with
large MTU settings
Change-Id: I9fa33c5ee76197191f1e66b7a70a4c1c0a5fa394
With commit [1] to collection output structure of networks_info module
has been changed. With that we adpot to the new format.
Return values for keypair have also changed
[1] 9272146cf7
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/864553
Change-Id: Ic22ec379983e43aa5f2b55fd4543b4aa70762354
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I8cd6c47c64601089173671652a463ecc291d8ca1
Currently CentOS 9 Stream hits libvirt bug [1] that occurs on attaching
interface to running VM. Octavia is most affected by that as this is
part of usual workflow.
Fix for the bug has been already proposed and should be released
quite soon. Not to spend a lot of time on that, we rather wait for new
libvirt version to be released for CentOS 9 Stream and until then
set jobs as NV.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2092856
Change-Id: I9dd6fcea23154f781ec111a0927a26aba28954f1
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: I7d612a82e0b79ad1d34f9cbd75c5e19f201d7741
We need to collect installation method variables as early as we can as
we rely on them later on in the play.
Change-Id: I0fa1b7b25a4b6ced5606018410825e7cf2eac54a
Introduces 3 new variables cinder_default_availability_zone, octavia_cinder_volume_size and octavia_cinder_volume_type. using these variables, enables Octavia to use different Cinder configurations.
Change-Id: I8162e83d39075cd99c516b84c39ed868306283c3
Distro instalaltion has been broken for a while and CI disabled for it.
With this commit we're fixing path and returning back
CI testing of it.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/837845
Change-Id: Ia715e0506e45ead6ed8ecffac3fbd70e9849da13
For vlan scenraio we can't use octavia_provider_network_name for
octavia_provider_network but it's pretty big override, which might be
more handy with having an extra variable, that will be used inside it.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/787199
Change-Id: Ib5627dc3b37626e056c3cfe9ce54ee6a7ff25dd5
Modern ansible only supports the 'cryptography' backend for the
openssl_privatekey module. In this case, the 'cipher' module
parameter must be set to 'auto'.
Change-Id: I2bfe5fa57c7deb201f56f82d5699c91fcccb766d