Commit Graph

9 Commits

Author SHA1 Message Date
Damian Dabrowski ee554649bd Add TLS support to octavia backends
By overriding the variable `octavia_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the octavia backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Id6c187cad4e444fb83ca1f938bd13bb9b73652b3
2023-04-29 18:43:06 +02:00
Dmitriy Rabotyagov c672dc1848 Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: I4a3346c90825a4bf0b416943286696fa529f526d
2023-04-14 19:26:26 +00:00
Jonathan Rosser 57400fb6a6 Remove legacy policy.json cleanup handler
Change-Id: Ia37876caa7b627e66d5e703262a8b060c46fa25d
2022-02-02 04:21:46 -05:00
Dmitriy Rabotyagov 8fbf733103 Remove unused handlers
Change-Id: Ia099a30f19329d78a77edd32b9c58a4313a4112a
2021-04-22 09:51:30 +00:00
Dmitriy Rabotyagov e7b394dd58 [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.

We make a separate task not to restart service when it's not needed.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/787199
Change-Id: Idd28e5df99bfcf51bad2b785be41221eb0fe5142
2021-04-20 13:37:42 +00:00
Mohammed Naser 376ddeb48f Convert role to use a common systemd service role
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This changet  removes a
lot of code duplication across all roles all without sacrificing features
or functionality. The intention of this change is to ensure uniformity and
reduce the maintenance burden on the community when sweeping changes are
needed. The exterior role is built to be OSA compatible and may be pulled
into tree should we deem it necessary.

In addition, it re-orders some tasks for consistency with other roles.

Change-Id: I124873a6ab96aa95f886ce146d28e7340c90d40d
2018-10-25 09:03:55 +00:00
Jesse Pretorius 114db5f581 Use a common python build/install role
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.

We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.

This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:

1. Replaces 'developer mode' with an equivalent mechanism
   that uses the common role and is simpler to understand.
   We will also simplify the provisioning of pip install
   arguments when doing this.
2. Simplifies the installation of optional pip packages.
   Right now it's more complicated than it needs to be due
   to us needing to keep the py_pkgs plugin working in the
   integrated build.
3. Deduplicates the distro package installs. Right now the
   role installs the distro packages twice - just before
   building the venv, and during the python_venv_build role
   execution.

Depends-On: https://review.openstack.org/598957
Change-Id: I39b071b84bd71d32940157526443c17acce56c3c
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
2018-09-03 11:05:24 +00:00
Jean-Philippe Evrard ee145c3a24 Use systemd module instead of command
This causes linters to break: since ansible 2.4 the systemd
module can have only the daemon_reload directive.

Change-Id: I84b2dee8ef7e133dce63f587e9fba63cacc56431
2018-01-15 15:23:54 +00:00
Major Hayden f510d6561c Octavia role hacking
- installs Octavia service in OSA
- adds a test which installs Octavia (but uses noop
  to work around gate limitations)

Co-Authored-By: German Eichberger <German.eichberger@rackspace.com>

Change-Id: Idb419a4ca5daa311d39c90eda5f83412ccf576ad
2017-03-01 12:48:12 -05:00