Commit Graph

751 Commits

Author SHA1 Message Date
Tim Burke 719f8437f4 Remove nobarrier mount option from docs
Swift stopped including this option in its docs in 2019, and recent
kernels stopped recognizing it as a valid option, leading to mount
failures.

Related-Change: https://review.opendev.org/c/openstack/swift/+/665984
Closes-Bug: #2051764
Change-Id: I4f2ff43ac90023db422633246e89146b377cee74
2024-02-16 09:54:57 -08:00
Dmitriy Rabotyagov 0ba35bf841 Add quorum queues support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.

In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.

Change-Id: Id5f6cabed7ec035845865d6d5facc63590c56d43
2023-11-13 12:11:44 +00:00
Dmitriy Rabotyagov ee795c740c Fix example playbook linters
Change-Id: I403f4add2f2eb896c96c9c6905694ef32ffc7677
2023-11-13 13:10:59 +01:00
Dmitriy Rabotyagov 1d0bba49a7 Stop reffering _member_ role
Keystone has stopped providing or reffering `_member_` role for a while,
thus role should not be refferenced anymore.

Moreover, with 2023.1 service policies have dropped `_member_`
which resulted in the role to be insufficient for basic operations.

Change-Id: I4d6eacae2041b0a00114dda4e8315d4ec6295319
Related-Bug: #2029486
2023-08-15 13:10:38 +02:00
Dmitriy Rabotyagov 99c6fb2835 Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I6bbb97cd2f1daac42269a335014eb6cf7f28d24e
2023-07-17 11:45:20 +02:00
Damian Dabrowski 96a262b26b Add TLS support to swift backends
By overriding the variable `swift_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the swift backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Idb7882775a90ada9bb9e1450168916c73bf8ae4b
2023-04-29 18:43:51 +02:00
Dmitriy Rabotyagov 78e75642e7 Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: I78c9888f7f2b97bd901d9fcce636bc22b6411eb9
2023-04-11 12:47:24 +02:00
Jonathan Rosser d179113919 Fix role as a result of ANSIBLE_INJECT_FACT_VARS=false
ansible_<variable> injection is now disabled by default in
openstack-ansible so the network interface information is now
accessed via ansible_facts['ifname'] rather than
ansible_facts['ansible_ifname'].

This patch also replaces the use of hostvars[inventory_hostname]
with the more correct access via ansible_facts.

Change-Id: Id2c59badb6767d62799ab51504444d935b68b4ce
2023-03-15 17:26:26 +00:00
Dmitriy Rabotyagov 737c9a51d6 Update tox.ini to work with 4.0
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most spread issues we have is using
`whitelist_externals` isntead of `allowlist_externals`


Change-Id: Ic7864bf2150acbeab504d4dce3dd1a920974e5eb
2022-12-27 17:53:26 +01:00
OpenStack Release Bot 4a3d207c5a Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: Ibe537add36546f7b1b8e791943a9f7dd9d26a3db
2022-12-13 13:20:49 +00:00
Andrej Babolcai 89a6bb0718 Add support for running object-servers Per Disk
Adds support for configuring different storage port per disk
in the storage policy ring. This Swift feature is described
here https://docs.openstack.org/swift/latest/deployment_guide.html#running-object-servers-per-disk

Signed-off-by: Andrej Babolcai <andrej.babolcai@gmail.com>
Change-Id: I254e35a67195817c237dba00bec6338d3fffa985
2022-11-16 09:34:48 +01:00
Dmitriy Rabotyagov 0b14d1ebae Replace git-core with git for debian
With ansible-core 2.13 it tries to substitude package resolution in apt
module.
However git-core is used in Debian as transitional name, but ansible
tries to select it and provide version, which is not correct behaviour.
But since git-core is not really valid anyway, we just replace it
to workaround ansible's imperfectness.

Change-Id: Ic931147588dc549eaf41db9ff1c4abda2b8537c5
2022-10-05 11:05:24 +02:00
Erik Berg b899b28880 Remove redundant vars line
This line snuck in with Ib586cfc978f1e5fa05f6ce4add8a337eb433f82f
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.

Change-Id: I78e89768f077b1cf1562b91ae0066620eb226cc7
2022-09-14 14:52:05 +02:00
Dmitriy Rabotyagov 5139ecc233 Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.

Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: If34e0170ea0e0f7727cfadba982f3c7dae6ae216
2022-06-15 19:52:02 +02:00
Zuul e2e1101549 Merge "Sync rings to all swift hosts to build_files" 2022-06-04 11:01:41 +00:00
Dmitriy Rabotyagov 7d8259c486 Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.


Change-Id: Ifd2b3956ee3f8a7847256d6444cccf674c7d526e
2022-05-30 16:01:40 +02:00
Dmitriy Rabotyagov 7b02afd3ce Sync rings to all swift hosts to build_files
In previous patch [1] I wrongly assumed that there's no reason to have
/etc/swift/ring_build_files/
on all hosts. However, there's another logic in the role, that assumes
having these files and verifying md5sum of them.

As an easy bugfix, we're returning sync to ring_build_files until we
change logic. It's also easily backportable.

[1] https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/765354

Change-Id: If0e686352e08379027508c2939fae00db6ae6cb8
Closes-Bug: #1973045
2022-05-25 16:04:40 +02:00
OpenStack Proposal Bot 358f4a3aa8 Updated from OpenStack Ansible Tests
Change-Id: Iaacf90e25e90296cd0403f1df0df0d97d1d73c70
2022-04-04 11:42:14 +00:00
Jonathan Rosser d1ec190e3b Cleanup setup.py config
Change-Id: I91029458f0939f41d9d1075a0fc7829e1f66746b
2022-04-04 09:59:36 +00:00
Zuul 4ca16593d8 Merge "Use common service setup tasks from a collection rather than in-role" 2022-01-13 13:15:00 +00:00
Jonathan Rosser 6202a5500a Use common service setup tasks from a collection rather than in-role
Change-Id: I04531583a731d02a011f72f6d79eced434a66eaa
2022-01-12 18:15:05 +00:00
Zuul 021d286b56 Merge "Refactor use of include_vars" 2022-01-12 14:59:15 +00:00
Jonathan Rosser 3cdb3b1bdd Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.

This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.

Change-Id: Ib586cfc978f1e5fa05f6ce4add8a337eb433f82f
2022-01-12 08:10:47 +00:00
Damian Dabrowski d830128352 Enable recursion in combine() filter
Ansible's combine() filter needs recursive=True parameter in order to recursively merge nested hashes.

https: //docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#combining-hashes-dictionaries
Change-Id: I3f3048a7540ac04c749ccb99e20d6ba521175b99
2022-01-11 19:21:50 +01:00
OpenStack Proposal Bot ee60779fd5 Updated from OpenStack Ansible Tests
Change-Id: If081c52b7b4d7f9ee4c445927d9600ff827bfc7c
2021-12-17 16:48:25 +00:00
OpenStack Proposal Bot 78ae470524 Updated from OpenStack Ansible Tests
Change-Id: Iedad8d79adc5f4f1df420bbc95cecc0f4244bf2f
2021-12-04 17:41:34 +00:00
Zuul 73c39cd9d6 Merge "Use config_template as a collection" 2021-12-01 19:28:50 +00:00
Dmitriy Rabotyagov 87c7b60d65 Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814



Change-Id: Iff0959a012d1875e01cd72bee3fb75906ef0983a
2021-11-30 15:17:27 +02:00
Dmitriy Rabotyagov 451678a6fd Refactor definition of lock path
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819300
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/819298
Change-Id: I6ce09e0e0b83e14fc9386fc4cb49921a21fcabd4
2021-11-30 12:42:47 +02:00
Dmitriy Rabotyagov b96ce88221 Replace linters test with integarted one
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.


Change-Id: Iebcc755c22b8b34e06be95acd48c3ab9cecf953b
2021-05-21 15:53:51 +03:00
Zuul 2ec9981fb2 Merge "Add variables for rabbitmq ssl configuration" 2021-05-18 14:15:13 +00:00
Jonathan Rosser acdaeda64b Add variables for rabbitmq ssl configuration
Change-Id: I0a1104f8312b16f618bdd8bf6b440730213c5fad
2021-05-17 12:10:40 +00:00
Dmitriy Rabotyagov 2ce00d6c69 Do not collect gnocchi project ID
Ceilometer middleware now accepts also project names,
so it's not required to gain project UUID [1].

We also switching gnocchi project name to `service` for all scenarios
as it's already whitelisted by default [2]

[1] e2bf485044
[2] 082dabb1b7/ceilometermiddleware/swift.py (L158)

Closes-Bug: #1879192
Change-Id: I40d3178d1b3bd1234ac34c6fa1d0d2bcb7160720
2021-05-13 14:39:43 +00:00
Zuul d425a94865 Merge "Updated from OpenStack Ansible Tests" 2021-04-19 15:43:46 +00:00
OpenStack Proposal Bot 155c2dd64f Updated from OpenStack Ansible Tests
Change-Id: I36cecfb184e2740a95558f2e890eb87aa2ef7a2e
2021-04-19 09:59:54 +00:00
Dmitriy Rabotyagov 24bbb72ac9 Revert "split templates to work around configparser bug"
This reverts commit 3e151d97ad.

Reason for revert: Upstream bug has been fixed

Change-Id: I5498030487677523ae71ae2f9a13074ab4552204
Related-Bug: #1872553
Closes-Bug: #1921354
2021-03-25 10:16:08 +00:00
OpenStack Proposal Bot 44fa8898b1 Updated from OpenStack Ansible Tests
Change-Id: I9a34d4cd10cef0c5e9c8e349e98cc1fe5c923bd7
2021-03-22 08:49:06 +00:00
Zuul 992ab38b61 Merge "Use ansible_facts[] instead of fact variables" 2021-03-16 16:04:49 +00:00
Jonathan Rosser 440a53a4e6 Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: Ia3c80d5c0e63ee9c38868c41c9235c51a2498971
2021-03-16 08:20:27 +00:00
OpenStack Proposal Bot 545e8a36a8 Updated from OpenStack Ansible Tests
Change-Id: If9c67fe4179c793c17bc8b10695ee8051c5351f1
2021-03-12 22:21:19 +00:00
Zuul 07b1b03cdc Merge "Switch default virtualenv to python3" 2021-03-11 03:06:50 +00:00
Jonathan Rosser a1205ca3a9 Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7  are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible

Change-Id: I30e528914092c5c4df081031045e3d2f2e949bfd
2021-03-10 12:16:40 +00:00
Jonathan Rosser 3459f10c27 Switch default virtualenv to python3
Change-Id: I5bc095b4ebcfa7e69ce34e058a438b10ec60a07a
2021-03-10 09:04:10 +00:00
Zuul 3c16888e1a Merge "[reno] Stop publishing release notes" 2021-01-26 18:26:37 +00:00
Jonathan Rosser baa3dc3578 Move swift packages from constraints to requirements
This is necessary to use the new pip resolver

Change-Id: I5c22a77fc889b78bad6d1e27f7c631ef4b8a8220
2021-01-25 10:31:19 +00:00
dmitriy 7db0e43269 [reno] Stop publishing release notes
Since we copy all release notes to the integrated repo there is not need
in publishing release notes for each repository. We should only verify their
validity and linting.


Change-Id: Icd059fb0ec832e8b7b4e6f9a671b11959b6bda26
2021-01-22 18:27:56 +02:00
Dmitriy Rabotyagov d3f80f734a Use global service variables
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.

Change-Id: Ia08e7c0c1a7398c6edac32dc04cb90e50b502059
2021-01-08 18:55:00 +02:00
Zuul 58e003f44e Merge "Use synchronize module for rings distribution" 2020-12-04 17:32:50 +00:00
Zuul afc82768d4 Merge "Stop to use the __future__ module." 2020-12-04 16:38:31 +00:00
Dmitriy Rabotyagov c2665d032c Use synchronize module for rings distribution
Instead of using rsync which do not respect ssh ports, we fetch rings
to the deploy host and distribute them back to swift hosts

Change-Id: I9f8bc0af9803d2a235b3da956b5618adfe195c00
Closes-Bug: #1904935
2020-12-03 19:31:58 +02:00