Commit Graph

66 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov 4382257d3f Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I9aaf6680c274453a16b6f9879cf488ae2050e71f
2023-07-14 20:07:26 +02:00
Damian Dabrowski 168e116a36 Add TLS support to tacker backends
By overriding the variable `tacker_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the tacker backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Ib5dd3a2494bed81add670e331085294910d7f425
2023-04-29 18:44:02 +02:00
Dmitriy Rabotyagov a2800f0d28 Add deployment of tacker-scheduler
There's a long-standing bug from 2017 that tacker requires scheduler
service to run. However it seemed no real interest to tacker among OSA
users. Nevertheless it's better late then never fixing it.

Change-Id: I70264ef5ffd6ebb851e4d3c4c86c28ea222f7139
Closes-Bug: #1710874
2022-10-19 12:52:03 +02:00
Erik Berg 9bdcf00ec4 Remove redundant vars line
This line snuck in with I854ca5c48f487ed140aafcb79e4ac0cd60b83597
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.

Change-Id: Iae73c52c2c29db0952f7d8a5ae35b92088affe5a
2022-09-15 10:57:20 +02:00
Dmitriy Rabotyagov 0e27d6a3a1 Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.

Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I9fa323e544849f7c24ccd7b860160bb5756ada28
2022-06-15 17:42:11 +00:00
Zuul 5388201d1d Merge "Use common service setup tasks from a collection rather than in-role" 2022-01-13 13:12:20 +00:00
Jonathan Rosser 94a6ea79b0 Use common service setup tasks from a collection rather than in-role
Change-Id: I3f49bc1ad684755a9e591e3bf079493415a908c1
2022-01-12 17:47:13 +00:00
Jonathan Rosser a19c326390 Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.

This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.

Change-Id: I854ca5c48f487ed140aafcb79e4ac0cd60b83597
2022-01-12 08:09:51 +00:00
OpenStack Proposal Bot 1c8c8c38fe Updated from OpenStack Ansible Tests
Change-Id: Ib355676808ac8532841b78cb512f01f9549ab620
2021-12-04 17:41:41 +00:00
Dmitriy Rabotyagov 00e386a1a7 Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814



Change-Id: I196d4b2e26f803afbd917af729be4183884c7eea
2021-11-30 15:17:28 +02:00
OpenStack Proposal Bot c0a42a77bb Updated from OpenStack Ansible Tests
Change-Id: I2834d0c7fef564fbf0d364b1504758c2248913ff
2021-04-19 10:00:11 +00:00
Dmitriy Rabotyagov e1a5b3cf2b [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.

We make a separate task not to restart service when it's not needed.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I0606751e4e7707091cd34429deeee01630eb576a
2021-04-02 07:41:40 +00:00
Jonathan Rosser 6c7e6847b7 Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: I964783d5d992feff42021e5a3017d89326ea2e70
2021-03-16 08:22:12 +00:00
OpenStack Proposal Bot 9c1eb6bda8 Updated from OpenStack Ansible Tests
Change-Id: Ib27d9bc6472a7e1bbe49294df22d9987b6546761
2020-10-19 09:21:03 +00:00
OpenStack Proposal Bot c7ddb916cd Updated from OpenStack Ansible Tests
Change-Id: I4d885cd1f643c303efff2e7ac49cc06f10a497c7
2020-10-01 14:32:15 +00:00
Dmitriy Rabotyagov 353dc3d050 Define condition for the first play host one time
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.

Change-Id: I5c92722d5e7c49d0a01c7e9dbd0b254b5bea6dc4
2020-09-25 18:29:03 +03:00
Dmitriy Rabotyagov 2e04617116 Use the utility host for db setup tasks
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.

Change-Id: I065c079fb95f299f90b51e22e8aad42fc5dbb618
2020-08-20 19:41:57 +03:00
OpenStack Proposal Bot 4e63c479f1 Updated from OpenStack Ansible Tests
Change-Id: I4f7788b8a168ed2a5366f98dfba3f813d6b53b49
2020-08-12 11:35:29 +00:00
OpenStack Proposal Bot a32e9b7cd9 Updated from OpenStack Ansible Tests
Change-Id: Ic6c6a371e1b54611f21c964a3a892985010c2fe8
2020-06-08 19:57:14 +00:00
OpenStack Proposal Bot ad11bd76ba Updated from OpenStack Ansible Tests
Change-Id: I8eb3932c0013aa7a76fc5e53038f702615c480e2
2019-09-18 19:22:06 +00:00
Jonathan Rosser 98e74e0f0d Allow venv python interpreter to be overridden
Change-Id: Ia73fc0cce59810cdb9e5479213a582c2e8674de2
2019-09-11 21:29:26 +01:00
Dmitriy Rabotyagov 2690cb845a service_setup: refactor service setup to a single file
This patch refactors the openstack user/service/endpoints creation to
service_setup.yml which will eventually be managed by
openstack-ansible-tests.

Change-Id: I4af14b99ec618bb9c26c77a4e43b6e6d3b968d35
2019-08-08 13:39:35 +03:00
Dmitriy Rabotyagov 47e2784138 Use systemd-journald instead of log files
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.

Change-Id: Id68c80b52fe72bd209e96dba230b4f2cb12f900d
2019-07-18 09:02:45 +03:00
OpenStack Proposal Bot 4a06ebda96 Updated from OpenStack Ansible Tests
Change-Id: Idc75b30d8fdbc83b6a25706eb57756e18e92770a
2019-07-16 14:53:08 +00:00
Guilherme Steinmüller ffe31b8638 db_setup: refactor database setup to a common file
This patch refactors the database creation to db_setup.yml which
will eventually be managed by openstack-ansible-tests.

This also re-orders the mq_setup to be done earlier so these system
level dependencies are ready before service activation.

Change-Id: I9073e2d4152a2e0b91e51411d375b2814458e102
2019-07-15 01:07:58 +00:00
OpenStack Proposal Bot 959ad67726 Updated from OpenStack Ansible Tests
Change-Id: Ie3f0787d0d5b2439c6a170bfd5379ec8c709ba8b
2019-06-18 18:16:43 +00:00
OpenStack Proposal Bot 50b5f4e26b Updated from OpenStack Ansible Tests
Change-Id: I5555050888e8a17e8af6f740763e463176d81826
2019-06-11 22:19:29 +00:00
OpenStack Proposal Bot 87dcfdf757 Updated from OpenStack Ansible Tests
Change-Id: I58c643dfd579cb926688e7afcecb74fa1f51aa0a
2019-05-09 11:35:35 +00:00
OpenStack Proposal Bot 489d60fa4e Updated from OpenStack Ansible Tests
Change-Id: I6da8de4174f9bd2f3e9034bf523355ec362ba361
2019-04-17 19:12:20 +00:00
OpenStack Proposal Bot 14bfed0634 Updated from OpenStack Ansible Tests
Change-Id: I84b882b042bc4d6471857405d776d372061d8666
2019-04-17 07:26:03 +00:00
OpenStack Proposal Bot 13a26057c4 Updated from OpenStack Ansible Tests
Change-Id: Ied2ef76e469c4735dc54de1cc229816913a26e0f
2019-04-13 20:23:49 +00:00
OpenStack Proposal Bot c07efd4092 Updated from OpenStack Ansible Tests
Change-Id: I7fb8249c0172d9d5010ebaeff4c1d2835236218b
2019-04-01 13:19:28 +00:00
Dmitriy Rabotjagov 2a199a9621 Update role for new source build process
The variables tacker_developer_mode and tacker_venv_download
no longer carry any meaning. This review changes tacker to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.

As part of this, we move the source build out of its own file
because it's now a single task to include the venv build role.
This is just to make it easier to follow the code.

We also change include_tasks to import_tasks and include_role
to import_role so that the tags in the python_venv_build role
will work.

In addition tacker init was replaced by the standard systemd_service
role. Due to this was added new variable tacker_init_config_overrides.
program_override variable has no influence now.

In config notification_driver was deprecated in favor of driver from
oslo_messaging_notifications

Change-Id: Id5629cb631b23887383fa23f472052477edbc4eb
2019-03-28 17:33:58 +00:00
Jesse Pretorius f47ce32ee6 Enable overriding the service setup host python interpreter
In order to enable the service setup host python interpreter to
be changed easily, we make it a variable. This will be useful
when someone sets the service setup host to be the utility
container, because we'll be able to set this var by default.

Change-Id: Ia3b8ac0cc8ca895c39b20eac30763ad4873f78b1
2018-11-30 16:44:17 +00:00
caoyuan 8ddb25da3f Clean up the remaining stuff for dashboard
The tacker horizon is been done in openstack-ansible-os_horiozn[0],
the temporary tacker horizon dashboard setup should be removed.

[0]: https://review.openstack.org/#/c/603832/

Change-Id: Iccbb526773694b486534ffe16927237cb7c76371
Closes-Bug: #1796015
2018-10-04 14:36:25 +08:00
Jesse Pretorius 142dadbf29 Use a common python build/install role
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.

We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.

This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:

1. Replaces 'developer mode' with an equivalent mechanism
   that uses the common role and is simpler to understand.
   We will also simplify the provisioning of pip install
   arguments when doing this.

Depends-On: https://review.openstack.org/598957
Change-Id: I8b213b0590891b7862aa304f01504295371ea167
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
2018-09-03 17:46:02 +01:00
OpenStack Proposal Bot 0cbe64b9d9 Updated from OpenStack Ansible Tests
Change-Id: I553e9cc68764ac6a1447081fcfda6db9c53e497f
2018-08-20 10:50:29 +00:00
Zuul 214214ea6c Merge "Updated from OpenStack Ansible Tests" 2018-08-17 11:54:27 +00:00
OpenStack Proposal Bot 9f354d483d Updated from OpenStack Ansible Tests
Change-Id: I1e6399b5a9bf928536f55774ea72e7e35ef18b2f
2018-08-15 13:42:12 +00:00
caoyuan 36de37b3ab use include_tasks instead of include
include is marked as deprecated since ansible 2.4[0]

Switch to include_tasks or import_playbook as necessary

[0] https://docs.ansible.com/ansible/2.4/include_module.html#deprecated

Change-Id: Icd18450a618e35ea506c25507f08133547394b87
2018-08-15 17:16:35 +08:00
Zuul d0b9dcaaff Merge "Install optional packages after venv path update" 2018-08-09 06:17:26 +00:00
Jesse Pretorius fc28e0c579 Allow tags to be used for MQ tasks
The use of 'include_tasks' and a loop of variables creates
a situation where a user is unable to use tags to scope the
inclusion of only the MQ tasks when running the playbooks.

The use-case this is important for is when the rabbitmq
containers are destroyed and rebuilt in order to resolve
an issue with them, and the user wishes to quickly recreate
all the vhosts/users.

Ansible's 'include_tasks' is a dynamic inclusion, and dynamic
inclusions are not included when using tags. The nice thing
about dynamic inclusions is that they completely skip all
tasks when the condition does not apply, cutting down deploy
time. However, given the use-case, we should rather take on
the extra deployment time.

This patch changes the dynamic inclusion to a static one,
adds a 'common-mq' tag to cover all MQ implementations,
and re-implements the 'common-rabbitmq' tag for the tasks
that relate to RabbitMQ specifically.

It also implements conditionals for each task set so that
the rpc/notify tasks can be skipped if a vhost/user is not
required for that purpose (eg: swift does not use RPC, and
most roles will not use notifications by default).

Depends-On: https://review.openstack.org/588191
Change-Id: I336d5520875dca8c5aac9455f3a22e903123d3a9
2018-08-07 15:04:16 +01:00
Zuul b9d1abd4d1 Merge "Move MQ vhost/user creation into role" 2018-07-31 14:51:55 +00:00
Andy Smith c8aab8b743 Install optional packages after venv path update
Change-Id: Ieec2be7525407a9278d9e828ce3e7a8770dc1ea2
2018-07-27 15:57:33 -04:00
Zuul e05f8929f7 Merge "Remove the unnecessary space" 2018-07-27 12:01:01 +00:00
Jesse Pretorius 59e61f1390 Move MQ vhost/user creation into role
There is no record for why we implement the MQ vhost/user creation
outside of the role in the playbook, when we could do it inside the
role.

Implementing it inside the role allows us to reduce the quantity of
group_vars duplicated from the role, and allows us to better document
the required variables in the role. The delegation can still be done
as it is done in the playbook too.

In this patch we implement two new variables:
- tacker_oslomsg_rpc_setup_host
- tacker_oslomsg_notify_setup_host

These are used in the role to allow delegation of the MQ vhost/user
setup for each type to any host, but they default to using the first
member of the applicable oslomsg host group.

We also adjust some of the defaults to automatically inherit existing
vars set in group_vars form the integrated build so that we do not
need to do the wiring in the integrated build's group vars. We still
default them in the role too for independent role usage.

Finally, we remove the test mq setup tasks and clean up any unused
or unnecessary variables configured in tests.

Change-Id: I481b2358bf3b93fba3057b825fc9e0f626d616ba
2018-07-27 11:21:35 +00:00
Andy Smith 96e911f446 Update to use oslo.messaging service for RPC and Notify
This introduces oslo.messaging variables that define the RPC and
Notify transports for the OpenStack services. These parameters replace
the rabbitmq values and are used to generate the messaging
transport_url for the service.

This patch:
* Add oslo.messaging variables for RPC and Notify to defaults
* Add transport_url generation to conf
* Add oslo.messaging to tests inventory and update tests
* Install extra packages for optional drivers

Change-Id: I88fa6bd04ebad08211570d46ed464409b5896123
2018-07-26 09:08:53 +00:00
ZhijunWei c1d732b622 Remove the unnecessary space
Change-Id: Ie59c04a0236b29e028546c777423c804d81cebe5
2018-07-15 21:33:00 -04:00
Jesse Pretorius e911fcf505 Execute service setup against a delegated host using Ansible built-in modules
In order to reduce the packages required to pip install on to the hosts,
we allow the service setup to be delegated to a specific host, defaulting
to the deploy host. We also switch as many tasks as possible to using the
built-in Ansible modules which make use of the shade library.

The 'virtualenv' package is now installed appropriately by the openstack_hosts
role, so there's no need to install it any more. The 'httplib2' package is a
legacy Ansible requirement for the get_url/get_uri module which is no longer
needed. The keystone client library is not required any more now that we're
using the upstream modules. As there are no required packages left, the task
to install them is also removed.

Change-Id: Ia6c57495b8d6090a0b98f17554288a310388c3e2
2018-07-14 14:25:03 +00:00
Jean-Philippe Evrard 9260c34509 Fix usage of "|" for tests
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.

This should fix it.

Change-Id: I546cb8ad2933b69e84c87c22669548a2106fef94
2018-07-12 16:57:35 +02:00