With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I6bbb97cd2f1daac42269a335014eb6cf7f28d24e
By overriding the variable `swift_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the swift backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Idb7882775a90ada9bb9e1450168916c73bf8ae4b
ansible_<variable> injection is now disabled by default in
openstack-ansible so the network interface information is now
accessed via ansible_facts['ifname'] rather than
ansible_facts['ansible_ifname'].
This patch also replaces the use of hostvars[inventory_hostname]
with the more correct access via ansible_facts.
Change-Id: Id2c59badb6767d62799ab51504444d935b68b4ce
This line snuck in with Ib586cfc978f1e5fa05f6ce4add8a337eb433f82f
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: I78e89768f077b1cf1562b91ae0066620eb226cc7
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: If34e0170ea0e0f7727cfadba982f3c7dae6ae216
In previous patch [1] I wrongly assumed that there's no reason to have
/etc/swift/ring_build_files/
on all hosts. However, there's another logic in the role, that assumes
having these files and verifying md5sum of them.
As an easy bugfix, we're returning sync to ring_build_files until we
change logic. It's also easily backportable.
[1] https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/765354
Change-Id: If0e686352e08379027508c2939fae00db6ae6cb8
Closes-Bug: #1973045
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: Ib586cfc978f1e5fa05f6ce4add8a337eb433f82f
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: Iff0959a012d1875e01cd72bee3fb75906ef0983a
Ceilometer middleware now accepts also project names,
so it's not required to gain project UUID [1].
We also switching gnocchi project name to `service` for all scenarios
as it's already whitelisted by default [2]
[1] e2bf485044
[2] 082dabb1b7/ceilometermiddleware/swift.py (L158)
Closes-Bug: #1879192
Change-Id: I40d3178d1b3bd1234ac34c6fa1d0d2bcb7160720
This reverts commit 3e151d97ad.
Reason for revert: Upstream bug has been fixed
Change-Id: I5498030487677523ae71ae2f9a13074ab4552204
Related-Bug: #1872553
Closes-Bug: #1921354
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I30e528914092c5c4df081031045e3d2f2e949bfd
Instead of using rsync which do not respect ssh ports, we fetch rings
to the deploy host and distribute them back to swift hosts
Change-Id: I9f8bc0af9803d2a235b3da956b5618adfe195c00
Closes-Bug: #1904935
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.
Change-Id: I4abb67271bd635c8cde5d4d65451e5fa0091868b
Since we don't have required libraries on the swift hosts,
we should delegate openstack collection tasks to the setup host.
Change-Id: Ib8a8875c1a355b1f67cdc2bc4f1d028fa7ae3496
These are changed to os_*_info modules which return their data
not as facts but via ansible registered variables.
Change-Id: I08ff502e23ff928884ae704b0e226379f17b4faf
Move the percent character to the template from the string to allow
setting either % or %% as needed to work around the bug linked below.
This requires each service 'family' to have two versions of it's config
file.
Bug: https://bugs.launchpad.net/swift/+bug/1872553
Change-Id: I68f276224c51d5682d77123eae697767fadf9b19
Signed-off-by: Matthew Thode <mthode@mthode.org>
Ubuntu distro packages change /etc/swift/ owner to root, which makes
swift_rings.py fail with Permission denied.
So we shouldt run swift_rings.py as root user for distro deployments.
Change-Id: I3eeec29de43a3fb80bafef104ac87348aca4853e
This patch refactors the openstack user/service/endpoints creation to
service_setup.yml which will eventually be managed by
openstack-ansible-tests.
service_setup: refactor service setup to a single file
This patch refactors the openstack user/service/endpoints creation to
service_setup.yml which will eventually be managed by
openstack-ansible-tests.
Change-Id: Ibeb38f022174dc5b2ee449b7f5303bbc194fb238
This patch aims to migrate service from usage of regular syslog files
to journald.
By this we mean dropping rsyslog client installation. log_address is set
by default to /dev/log, which is served by journald.
Change-Id: I6dd0d77004394bb1ad674b53538b0679b056bb0f