This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Change-Id: Id5f6cabed7ec035845865d6d5facc63590c56d43
Keystone has stopped providing or reffering `_member_` role for a while,
thus role should not be refferenced anymore.
Moreover, with 2023.1 service policies have dropped `_member_`
which resulted in the role to be insufficient for basic operations.
Change-Id: I4d6eacae2041b0a00114dda4e8315d4ec6295319
Related-Bug: #2029486
By overriding the variable `swift_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the swift backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Idb7882775a90ada9bb9e1450168916c73bf8ae4b
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: If34e0170ea0e0f7727cfadba982f3c7dae6ae216
Ceilometer middleware now accepts also project names,
so it's not required to gain project UUID [1].
We also switching gnocchi project name to `service` for all scenarios
as it's already whitelisted by default [2]
[1] e2bf485044
[2] 082dabb1b7/ceilometermiddleware/swift.py (L158)
Closes-Bug: #1879192
Change-Id: I40d3178d1b3bd1234ac34c6fa1d0d2bcb7160720
This reverts commit 3e151d97ad.
Reason for revert: Upstream bug has been fixed
Change-Id: I5498030487677523ae71ae2f9a13074ab4552204
Related-Bug: #1872553
Closes-Bug: #1921354
Move the percent character to the template from the string to allow
setting either % or %% as needed to work around the bug linked below.
This requires each service 'family' to have two versions of it's config
file.
Bug: https://bugs.launchpad.net/swift/+bug/1872553
Change-Id: I68f276224c51d5682d77123eae697767fadf9b19
Signed-off-by: Matthew Thode <mthode@mthode.org>
A recent commit [1] removed config sections related to logging that
causes various Swift services to fail to start. This patch reverts the
respective config sections. These may be removed at a later date.
[1] https://review.opendev.org/#/c/671711/
Change-Id: Ie73811e36f1ea35f060cb5af4e1275e7e69d4179
This patch aims to add a prefix for memcached_server
on each role to give the ability for deployers to
override the location of memcached cluster. I.e users
wants to create a single memcached cluster with k8s
for each service.
We also add pymemcache based on [1]
[1] https://review.opendev.org/711429
Change-Id: If17dd627708f03824939ba062b498675253b11d7
Since CentOS 7 do not have packaged swift library for py3, py2 shebang
should be used in python script so that they could import libraries
Change-Id: If42feb0bb3ed0de211e5fba65c59d9ef50d199ce
This patch aims to migrate service from usage of regular syslog files
to journald.
By this we mean dropping rsyslog client installation. log_address is set
by default to /dev/log, which is served by journald.
Change-Id: I6dd0d77004394bb1ad674b53538b0679b056bb0f
The swift3 middleware has been deprecated in replacement with the
s3api middleware instead. This removes all the swift3 references
to hopefully enable someone to cleanly add s3api eventually.
Change-Id: I3a8a1ab861ec81b1f4f8dbc02a6a332d4ce495b8
Though a `swift_operator_role` variable exists to allow specifying an
operator role other than `swiftoperator`, it is not applied to all
uses of the role, eg the proxy-server.conf template.
Replace all remaining hard-coded references to the `swiftoperator`
role with the `swift_operator_role` variable.
Change-Id: Ie6db872cc2b7a1b1a90d9a690ee08937a9cab785
Signed-off-by: Corey Wright <corey.wright@rackspace.com>
This introduces oslo.messaging variables that define the Notify transport
in place of the rabbitmq values.
This patch:
* Add oslo.messaging variable for Notify to defaults
* Update url generation
* Add oslo.messaging to inventory
* Add release note
Change-Id: I1c2e844c4c7a2256087bcc4521f970ca8e8c6b16
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing features
or functionality. The intention of this change is to ensure uniformity and
reduce the maintenance burden on the community when sweeping changes are
needed. The exterior role is built to be OSA compatible and may be pulled
into tree should we deem it necessary.
Change-Id: Icb7ca523cb19c560de5c84b0d60a06305029192c
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: I7897412e22d91c6ab786652ff95ca44f7d10dedc
Swift should mirror other roles and use a list instead of a dictionary
for it's filtered_services.
This patch makes that change.
Change-Id: Ie6bf282a36ed63d73996447a88c3c5f6056465a7
This commit adds support for the swift3 middware, which allows S3-compatible
clients to use swift for object storage.
Change-Id: I56cd63057cc771310b69c311d975e06f73c773f7
Related-Bug: 1625053
The systemd unit 'TimeoutSec' value which controls the time
between sending a SIGTERM signal and a SIGKILL signal when
stopping or restarting the service has been reduced from 300
seconds to 120 seconds. This provides 2 minutes for long-lived
sessions to drain while preventing new ones from starting
before a restart or a stop.
The 'RestartSec' value which controls the time between the
service stop and start when restarting has been reduced from
150 seconds to 2 seconds to make the restart happen faster.
These values can be adjusted by using the *_init_config_overrides
variables which use the config_template task to change template
defaults.
Change-Id: I048b877e859ad744dc54f19a93afdd89f8ef1661
This creates a specific slice which all OpenStack services will operate
from. By creating an independent slice these components will be governed
away from the system slice allowing us to better optimise resource
consumption.
See the following for more information on slices:
* https://www.freedesktop.org/software/systemd/man/systemd.slice.html
See for following for more information on resource controls:
* https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html
Tools like ``systemd-cgtop`` and ``systemd-cgls`` will now give us
insight into specific processes, process groups, and resouce consumption
in ways that we've not had access to before. To enable some of this reporting
the accounting options have been added to the [Service] section of the unit
file.
Change-Id: Ibcb7d2a69ed67a99c88dc143c76aa8448d31cc9e
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Utilize the "ringbuilder.devs_changed" option to ensure that the ring
needs a rebalance. This will prevent unnecessary rebalances that cause
failures due to "min_part_hours" not being passed even though no changes
were required.
Additionally, we can now return a correct Ansible repsonse when the ring
has changed/rebalanced - and return "OK" when it hasn't returned at all.
Change-Id: I1fb4b3544a50ab5f566b3846d616107a84ff29c9
Users can configure the number of worker threads. However when it's
not specified the calculated number of workers can get too large on
hosts with a large number of CPUs. Capping only swift proxy server
worker threads when the proxy is in a container. Not capping the
remaining swift services' workers because of the performance impact
it may cause because of the capping.
Change-Id: I12d930552558144ab49fecc0b3776747c1f02166
The old version of this scipt used to interface to the
ringbuilder cli interface. This meant we did some crazy
threading. That was complicated.
This patch changes that to use the RingBuilder and RingData
classes, which makes things much simpler, and we can remove
all the threading stuff.
Change-Id: I94004db3b2b772644d89e20c1201d7f403f3eb86
The statsd.j2 include approach is great, but it is hitting an ansible
bug with Jinja2==2.9.5 which hasn't been fixed with Ansible and doens't
seem to be fixed anytime soon.
Here is an example bug:
https://github.com/ansible/ansible/issues/20494
This patch also refactors the statsd.j2 import parts, a lot of
if/else statements were not required.
Change-Id: Ib78ac0a8891874b1c2e777fac8f3fb89304e6872
The swift_rings.py script creates a thread and calls out to
swift's ringbuilder cli interface. It wasn't failing if
ringbuilder failed.
This change changes the threading to capture the threads exit
code and sys.exit on a bad one.
Change-Id: Ic2199ccc393b25a60af82af3aa638f21f19a6418
The old limits config was still running on the upstart setup. While the
directories within the ubuntu exist they are ignored in Ubuntu 16.04 and
CentOS 7. This change removes the old upstart config and adds the
required systemd config.
Change-Id: Ic75d6cfe32678f4205d6f8ea991f393526d0a082
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
As a part of removing Trusty from OpenStack-Ansible we shall aim to
remove this from all the roles.
Testing has already been removed for Trusty in the integrated build and
all individual repositories on master (Ocata), as such we can now go
ahead and remove the support within the roles.
Change-Id: I89ba35fd15703aba2a05d11d4550690704bdf272
Implements: blueprint trusty-removal
This patch adds copy as a middleware for swift, this follows upstream's
approach and reduces errors that indicate it is being automatically
included in the pipeline.
Change-Id: I4591ff3f3464d8bfa4ffd012f117aba881b02b65
Move to use tempauth to resolve memory issues resulting from an AIO
swift install running in pypy.
This PR adds some options for using pypy:
* Set a pypy Garbage collection value
This PR includes some tempauth fixes to make it useable:
* Set the tempauth users based on a variable
Testing is changed as follows for pypy:
* Use only memcache within swift-proxy
* Remove galera/keystone
* Add swap for swift-storage hosts
* Use tempauth for pypy
* Reduce to 2 swift hosts
Change-Id: Ic1ed5acc9b20853d9a159035226f97fda088f035
Versioned Objects in Swift now use a middleware that is added to the
pipeline instead of the "allow_versions" in the container config. These
have 2 different Headers, so to prevent "X-Versions-Location" from not
working the "allow_versions" in the container config is left in place.
This patch adds the middleware by default and sets the Versioned Objects
support to be on. This is the upstream default and the deployer would
still need to set the "X-History-Location" header on a container to
utilise the feature.
Change-Id: I88811fd77fad8d2241448ca5ffb565fa7d704a00