Commit Graph

258 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov c15dc767fd Add quorum queues support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.

In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.

Change-Id: I9b9de6cdfac8ba3a89b874cd920df8d5b01e81f2
2023-10-25 09:45:55 +00:00
Dmitriy Rabotyagov 59c2e45f6d Fix linters for example playbook
Change-Id: I439d4e817f0a3693758a19ffbd9c84d475977a66
2023-10-25 11:45:15 +02:00
Dmitriy Rabotyagov 610cb66262 Use proper galera port in configuration
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.

Change-Id: I7835892960360ddea73ba98ed1cbdc8268d5e71e
2023-08-17 14:57:57 +00:00
Dmitriy Rabotyagov 8d4a5ec633 Define constraints file for docs and renos
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.

The patch will ensure that constraints are used an we should not face
simmilar issue again.

TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.

Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.


Change-Id: I6c0e5e73d0c1842432e506eb8fa9e002f3b9a24a
2023-08-17 16:32:26 +02:00
Dmitriy Rabotyagov 4382257d3f Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I9aaf6680c274453a16b6f9879cf488ae2050e71f
2023-07-14 20:07:26 +02:00
Damian Dabrowski 168e116a36 Add TLS support to tacker backends
By overriding the variable `tacker_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the tacker backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Ib5dd3a2494bed81add670e331085294910d7f425
2023-04-29 18:44:02 +02:00
Dmitriy Rabotyagov 3aa5aefb1b Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: I4ebae4853fc0bc2840d3ea79546f10a12051bea9
2023-04-11 12:50:24 +02:00
OpenStack Release Bot 98e8e3c8e8 Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: Id85cca75b829d2f07916278d5385d96301c34cf6
2022-12-13 13:21:09 +00:00
Dmitriy Rabotyagov a2800f0d28 Add deployment of tacker-scheduler
There's a long-standing bug from 2017 that tacker requires scheduler
service to run. However it seemed no real interest to tacker among OSA
users. Nevertheless it's better late then never fixing it.

Change-Id: I70264ef5ffd6ebb851e4d3c4c86c28ea222f7139
Closes-Bug: #1710874
2022-10-19 12:52:03 +02:00
Erik Berg 9bdcf00ec4 Remove redundant vars line
This line snuck in with I854ca5c48f487ed140aafcb79e4ac0cd60b83597
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.

Change-Id: Iae73c52c2c29db0952f7d8a5ae35b92088affe5a
2022-09-15 10:57:20 +02:00
Dmitriy Rabotyagov 0e27d6a3a1 Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.

Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I9fa323e544849f7c24ccd7b860160bb5756ada28
2022-06-15 17:42:11 +00:00
Dmitriy Rabotyagov d3794939f0 Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.


Change-Id: I6f1f4a56d8f96c70308b630c149ec87f6c45b832
2022-05-30 16:01:40 +02:00
OpenStack Proposal Bot 5865695d63 Updated from OpenStack Ansible Tests
Change-Id: I0b126ec423b29a096aba498c19c00d9c61901dce
2022-03-31 20:15:19 +00:00
Marc Gariepy 7cc68553d6 Cleanup setup.py config
Change-Id: I10f5342bdf17926f4e5665a7d1982158b671772f
2022-03-31 10:17:19 -04:00
Jonathan Rosser 67eefea777 Remove legacy policy.json cleanup handler
Change-Id: I70befc610166e7be23cf8deeec2fc0653ed5ea36
2022-02-02 04:23:49 -05:00
Zuul 5388201d1d Merge "Use common service setup tasks from a collection rather than in-role" 2022-01-13 13:12:20 +00:00
Jonathan Rosser 94a6ea79b0 Use common service setup tasks from a collection rather than in-role
Change-Id: I3f49bc1ad684755a9e591e3bf079493415a908c1
2022-01-12 17:47:13 +00:00
Jonathan Rosser a19c326390 Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.

This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.

Change-Id: I854ca5c48f487ed140aafcb79e4ac0cd60b83597
2022-01-12 08:09:51 +00:00
OpenStack Proposal Bot ac2e50185d Updated from OpenStack Ansible Tests
Change-Id: Iec5be25ae187f82e0f63676c933a8fadc3cf150f
2021-12-17 16:48:32 +00:00
OpenStack Proposal Bot 1c8c8c38fe Updated from OpenStack Ansible Tests
Change-Id: Ib355676808ac8532841b78cb512f01f9549ab620
2021-12-04 17:41:41 +00:00
Damian Dabrowski 68bdc789cb Database connection pooling improvements
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I36f5315ad27904c817f4349151fca4181180e811
2021-12-03 11:41:49 +01:00
Dmitriy Rabotyagov 00e386a1a7 Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814



Change-Id: I196d4b2e26f803afbd917af729be4183884c7eea
2021-11-30 15:17:28 +02:00
Dmitriy Rabotyagov a0cb1f7b7c Refactor galera_use_ssl behaviour
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.

Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.

[1] 78f0cf99e5/pymysql/connections.py (L267)

Change-Id: I42d544d80d8fef5be9a68e6ef7090f85d0daa88c
2021-09-21 17:23:03 +03:00
likui e89cbd2f4f Changed minversion in tox to 3.18.0
The patch bumps min version of tox to 3.18.0 in order to
replace tox's whitelist_externals by allowlist_externals option:
https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23

Change-Id: I561d6dfe70b956ce9c67aa3277b7968dcae6e487
2021-07-03 21:35:00 +08:00
Dmitriy Rabotyagov 906e596a81 Update tacker config
Takcer hasn't been paid any attention for a while and current
configuration is not relevant and contain obvious mistakes.
While patch doesn't aim to fully fix all issues, we at least improve
things by removing obvious mistakes.

Change-Id: Ib8b89fa2664e63245b503780e4fc65d813db0e6f
2021-06-08 14:44:43 +03:00
Dmitriy Rabotyagov 0f25273f85 Replace linters test with integarted one
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.


Change-Id: I4c18653c53a7d0b26b05a25757721879c0131ff5
2021-05-21 16:07:06 +03:00
Zuul c404f4edd4 Merge "Add variables for rabbitmq ssl configuration" 2021-05-18 14:10:53 +00:00
Jonathan Rosser e52a036f2c Add variables for rabbitmq ssl configuration
Change-Id: Ief236b1d9599e40ff47de5016c31ca12a2b3eb34
2021-05-17 12:11:04 +00:00
OpenStack Proposal Bot c0a42a77bb Updated from OpenStack Ansible Tests
Change-Id: I2834d0c7fef564fbf0d364b1504758c2248913ff
2021-04-19 10:00:11 +00:00
Dmitriy Rabotyagov e1a5b3cf2b [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.

We make a separate task not to restart service when it's not needed.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I0606751e4e7707091cd34429deeee01630eb576a
2021-04-02 07:41:40 +00:00
OpenStack Proposal Bot 1339797206 Updated from OpenStack Ansible Tests
Change-Id: Id9c48c77aa34e5179751221f106677f820e9c451
2021-03-22 08:49:21 +00:00
Jonathan Rosser 6c7e6847b7 Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: I964783d5d992feff42021e5a3017d89326ea2e70
2021-03-16 08:22:12 +00:00
OpenStack Proposal Bot c9dde5b317 Updated from OpenStack Ansible Tests
Change-Id: I54c06301ec379792287eec8c06e234dd9b69d7cb
2021-03-12 22:21:27 +00:00
Zuul 4b17c4d523 Merge "Switch default virtualenv to python3" 2021-03-10 22:58:38 +00:00
Jonathan Rosser f70d823db3 Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7  are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible

Change-Id: I68735b995fe1bce23edb8c092f2199fdde137acd
2021-03-10 12:16:40 +00:00
Jonathan Rosser 7482efafa2 Switch default virtualenv to python3
Change-Id: Ia418086218c12db73a33e1afbe0abb3ad1acae82
2021-03-10 09:05:22 +00:00
Zuul ea34449293 Merge "Move tacker pip packages from constraints to requirements" 2021-01-28 15:29:46 +00:00
Jonathan Rosser eb449a9cff Move tacker pip packages from constraints to requirements
This is necessary to use the new pip resolver

Change-Id: I02342575151053c8bdd1a5b22514a82fef0613a2
2021-01-25 10:32:57 +00:00
dmitriy 7b869bf073 [reno] Stop publishing release notes
Since we copy all release notes to the integrated repo there is not need
in publishing release notes for each repository. We should only verify their
validity and linting.


Change-Id: Ieb586ca22e19b84433b8faea1b27fb66c1e7e9f9
2021-01-22 18:28:09 +02:00
Dmitriy Rabotyagov 74db1fd747 Use global service variables
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.

Change-Id: I1dd906a82e3963d2b4f0497570195885abab0530
2021-01-08 18:58:13 +02:00
zhoulinhui e971939b55 Replace deprecated UPPER_CONSTRAINTS_FILE variable
UPPER_CONSTRAINTS_FILE is deprecated and TOX_CONSTRAINTS_FILE is
the new environment variable name that replaces it [1].

This allows to use upper-constraints file as more
readable way instead of UPPER_CONSTRAINTS_FILE=<lower-constraints file>.

[1] https://zuul-ci.org/docs/zuul-jobs/python-roles.html#rolevar-tox.tox_constraints_file
[2] https://review.opendev.org/#/c/722814/

Change-Id: If72cc1e0b6ac3374eabb3309a793478d4fd1d6ec
2020-11-10 05:15:07 +00:00
OpenStack Proposal Bot 9c1eb6bda8 Updated from OpenStack Ansible Tests
Change-Id: Ib27d9bc6472a7e1bbe49294df22d9987b6546761
2020-10-19 09:21:03 +00:00
Zuul e2104fa983 Merge "Updated from OpenStack Ansible Tests" 2020-10-05 15:24:06 +00:00
Jonathan Rosser 9b91f8c31b Fix linter errors
Change-Id: If180f49835bfe763da462c7073734dc89e238496
2020-10-01 16:57:26 +01:00
OpenStack Proposal Bot c7ddb916cd Updated from OpenStack Ansible Tests
Change-Id: I4d885cd1f643c303efff2e7ac49cc06f10a497c7
2020-10-01 14:32:15 +00:00
Zuul ad0f2b9331 Merge "Updated from OpenStack Ansible Tests" 2020-09-28 11:59:04 +00:00
Dmitriy Rabotyagov 353dc3d050 Define condition for the first play host one time
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.

Change-Id: I5c92722d5e7c49d0a01c7e9dbd0b254b5bea6dc4
2020-09-25 18:29:03 +03:00
OpenStack Proposal Bot e02f635f33 Updated from OpenStack Ansible Tests
Change-Id: I28232d149bb05ecf11576aacbfebe68bae666011
2020-09-24 16:58:27 +00:00
Dmitriy Rabotyagov 2e04617116 Use the utility host for db setup tasks
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.

Change-Id: I065c079fb95f299f90b51e22e8aad42fc5dbb618
2020-08-20 19:41:57 +03:00
OpenStack Proposal Bot 4e63c479f1 Updated from OpenStack Ansible Tests
Change-Id: I4f7788b8a168ed2a5366f98dfba3f813d6b53b49
2020-08-12 11:35:29 +00:00