This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Change-Id: Id5f6cabed7ec035845865d6d5facc63590c56d43
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I6bbb97cd2f1daac42269a335014eb6cf7f28d24e
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I78c9888f7f2b97bd901d9fcce636bc22b6411eb9
With ansible-core 2.13 it tries to substitude package resolution in apt
module.
However git-core is used in Debian as transitional name, but ansible
tries to select it and provide version, which is not correct behaviour.
But since git-core is not really valid anyway, we just replace it
to workaround ansible's imperfectness.
Change-Id: Ic931147588dc549eaf41db9ff1c4abda2b8537c5
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I30e528914092c5c4df081031045e3d2f2e949bfd
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.
Change-Id: I4abb67271bd635c8cde5d4d65451e5fa0091868b
Explicitly pulling in packages that are dependencies of the main
package can cause issues with newer releases where those packages
don't exist anymore - e.g. python-swift is renamed to python3-swift.
similarly python-keystonemiddleware (which is a dep of openstack-swift)
is actually called python3-keystonemiddleware these days.
Change-Id: Iff4011c5a6531fa3f74acfeb6fa980c493246a63
Use the groups defined in swift_services to determine which distro
packages to install onto hosts instead of installing all distro service
packages on all swift hosts.
The 'swift-plugin-s3' package has also been removed from debian's
package list. s3api should be configured through swift middleware instead.
Change-Id: I1e7a8eba6500c819d418ee565a5f03cc16dfe165
In order to do a more complete verification of any patches,
we add a full uncontainerised OpenStack deployment to do the
functional testing using the integrated repo. This replaces
the previous functional test mechanism.
Any additional role tests are left as-is. They will require
some extra implementation in the integrated build before they
can be transferred.
The CentOS distro. installation was missing RPMs which meant
some binaries was missing, this patch adds those as well.
Depends-On: https://review.openstack.org/648502
Depends-On: https://review.openstack.org/648551
Depends-On: https://review.openstack.org/648575
Change-Id: I4b73967aacb92b63f9f01514979e31aa2fb5f61e
Currently the devel packages are installed everywhere,
but they only need to be where the wheels are built.
Also, there is already a task to install the packages
needed on the target hosts when installing - so we do
not need to give the same list to the venv install role
because they will already have been installed.
We remove the unnecessary installation of the compiling
packages because the python venv build role already does
it. We also remove the curl and which packages as they
appear to be unused. The git package is moved to the
devel package list as it's only used there.
We also re-order the package lists alphabetically to
make them easier to follow.
Depends-On: https://review.openstack.org/613585
Change-Id: I6d037c45aee8b54502a2e3f3add56b23be34109d
This is in a seperate package on ubuntu/centos systems and bundled
in openssh on suse. The ssh client was missing on centos so this
patch ensures it is always present for all distributions.
Change-Id: I4885f88938bd49ae81ce8f0a85fde46ddbe311a4
The ssh service on ubuntu based systems is "ssh" which is established by
the service unit path `/lib/systemd/system/ssh.service`. When running
the service will respond to the name "sshd" however this is just an
alias. This change adds a variable to set the service unit name
based on the distro family which will allow the service to start should
it be masked.
The change will now delegate to all nodes within the swift cluster
ensuring ssh is enabled and started. If SSH is not running everywhere at
the same time swift ring distribution will not be possible later on in
the role.
Change-Id: Ifbc748019403f0c0712d5f241f118e998d2061d4
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The devel packages are only needed to build the pip packages so we don't
need them when we install packages straight from the distro repos.
Change-Id: I08c6206dd83551e50a5b594cf428ffb8b2e8ebd8
Depends-On: https://review.openstack.org/612673
Depends-On: https://review.openstack.org/612661
It seems that RDO moved to a sinlge monolithic openstack-swift package
so lets use that instead. This fixes the following problem:
No package matching 'openstack-swift-plugin-swift3
Change-Id: I9a0efd15be4fde3a96e9feb72bed55d45262cb8c
Now that we no longer use our own keystone module, but
instead make use of the ansible runtime venv's shade
library and upstream ansible modules, we can eliminate
this package/library being installed on the host.
To do this, we also ensure that the functional test
now uses the Ansible runtime venv for all OpenStack
modules, and we use the native Ansible OpenStack
modules instead of our own.
Change-Id: I0ecb55308a846ad0f1bb05c10b9e0aad3da15449
To make the transition between versions easier,
we rename the vars file. This also resolves
issues when meta-dependent role inclusions do
not pick up the correct file when using the
include_vars task with multiple search paths.
Depends-On: https://review.openstack.org/602924
Change-Id: I8d624cde558a9c332f8e90d3269ee4a010191f7e
The python-keystonemiddleware is needed by swift-proxy-server otherwise
the systemd service fails to start with the following error:
[...]
File "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 517, in _context_from_explicit
swift-proxy-server[11639]: value = import_string(found_expr)
File "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 22, in import_string
swift-proxy-server[11639]: return pkg_resources.EntryPoint.parse("x=" + s).load(False)
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2321, in load
return self.resolve()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2327, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
ImportError: No module named keystonemiddleware.auth_token
Implements: blueprint openstack-distribution-packages
Change-Id: I2aaddc0c6b3bb5c28eb7f9b45e8d989f2824724d
The rules are not currently maintained, nor do we have the resources
to maintain them. In addition, they most likely don't work in our
integrated repos.
For future, it would be best to depend on upstream packages for
SELinux support such as `openstack-selinux`.
Change-Id: I6203b98a96a341ce52930ceeed609d9c118ae8b8
The keystoneclient package is being installed on the host by PIP but
that means that a whole bunch of required dependencies are being pulled
in as well.
This brings the host to a rather messed up state when installing
keystone from distro packages, since distribution and
PIP packages are being mixed together. We only need the client to
register the service with keystone so we can simply use the distro
package for that to avoid installing lots of PIP packages on the
host.
Change-Id: Id5d79db00e1a4aa4983aafd92c088ef8f13a7da0
Implements: blueprint openstack-distribution-packages
Distributions provide packages for the OpenStack services so we add
support for using these instead of the pip ones. However, functional
testing is not complete yet since it requires tempest to be in the swift
virtual environment which doesn't exist for distro installs. As such,
for functional testing to cover this method of installation it needs
to be changed quite a bit.
Change-Id: Id75e56440685df407a9991018dc07b5a75429082
Implements: blueprint openstack-distribution-packages
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing features
or functionality. The intention of this change is to ensure uniformity and
reduce the maintenance burden on the community when sweeping changes are
needed. The exterior role is built to be OSA compatible and may be pulled
into tree should we deem it necessary.
Change-Id: Icb7ca523cb19c560de5c84b0d60a06305029192c
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Swift should mirror other roles and use a list instead of a dictionary
for it's filtered_services.
This patch makes that change.
Change-Id: Ie6bf282a36ed63d73996447a88c3c5f6056465a7
Add support for the openSUSE Leap distributions. Nothing special is
required for this except for adding the appropriate distro variables
file and also update the zypper cache before package installation.
Moreover, the syslog user belongs to the 'users' group instead of a
dedicated 'syslog' group so we adjust the defaults for openSUSE.
Depends-On: I96c02fb2ee26691f1d7dd449d7205baa231795fe
Change-Id: I86beac2b3e038a0a4a3bf9618218bc1e393bdf08
To greatly reduce the amount of log noise from skipped tasks, set a
var in the role that filters the 'swift_services' dict to one that only
contains services relevant for each host.
Change-Id: Ib4e7d398ce2b34e560520d0266dc67bed653cc5c
Now that the external repository management is done in pip-install
role, we don't need this wiring anymore.
Everything will be consistent across all the roles that include
pip-install.
Change-Id: Ied9e3ec9797501baf1922602ec205b3892553d19
Since adding the rsyslog_client role as a dependency for Swift, the
syslog username for CentOS is the same as for Debian "syslog", as such
this patch removes the distro specific option for this variable.
Change-Id: I838dfacbe48fd8310c5e8d4405a683d11adf45ed
This PR Adds CentOS 7 support for Swift.
The following was required to get CentOS 7 to work:
* Add yum install path + packages
* Variablize rsync service name
* Gather network interface facts prior to setting storage/repl IPs
* Ensure /etc/defaults/rsync is only set for apt installations.
* Ensure the rsyslog service is started and enabled.
Change-Id: Ibaf8bc8d54b55820e8b527b52940c61c05c732d8
In order to make it easier to differentiate between the lists of
python packages, distribution packages, downloaded packages,
package pins and other similar variables the variable names are
being changed to ensure that they have a more explicit suffix
that defines the purpose and makes the naming more consistent.
This is to facilitate a lookup plugin which will be able to look
up all the package lists and present them as a consolidated piece
of data which may be used for artifact preparation.
Change-Id: I2c0d397df559df1725ec541afd7616e114d49d6f
Since object body and metadata encryption were added to swift there is a
new apt pkg requirement: libssl-dev
This is required to install pip packages correctly for Swift, and the
gate will fail without this package.
Change-Id: I395e359bae0198dfc26b8ecc04bb4df7e1152aac
Debian-specific vars and logic have been moved to tasks
that will execute only on those distributions.
Change-Id: I370621eda9e87bd19532e4e37e46097607bf4166
Implements: blueprint multi-platform-host