Commit Graph

10 Commits

Author SHA1 Message Date
Damian Dabrowski 168e116a36 Add TLS support to tacker backends
By overriding the variable `tacker_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the tacker backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Ib5dd3a2494bed81add670e331085294910d7f425
2023-04-29 18:44:02 +02:00
Dmitriy Rabotyagov 3aa5aefb1b Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: I4ebae4853fc0bc2840d3ea79546f10a12051bea9
2023-04-11 12:50:24 +02:00
Jonathan Rosser 67eefea777 Remove legacy policy.json cleanup handler
Change-Id: I70befc610166e7be23cf8deeec2fc0653ed5ea36
2022-02-02 04:23:49 -05:00
Dmitriy Rabotyagov e1a5b3cf2b [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.

We make a separate task not to restart service when it's not needed.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I0606751e4e7707091cd34429deeee01630eb576a
2021-04-02 07:41:40 +00:00
Jonathan Rosser 6c7e6847b7 Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: I964783d5d992feff42021e5a3017d89326ea2e70
2021-03-16 08:22:12 +00:00
Dmitriy Rabotjagov 2a199a9621 Update role for new source build process
The variables tacker_developer_mode and tacker_venv_download
no longer carry any meaning. This review changes tacker to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.

As part of this, we move the source build out of its own file
because it's now a single task to include the venv build role.
This is just to make it easier to follow the code.

We also change include_tasks to import_tasks and include_role
to import_role so that the tags in the python_venv_build role
will work.

In addition tacker init was replaced by the standard systemd_service
role. Due to this was added new variable tacker_init_config_overrides.
program_override variable has no influence now.

In config notification_driver was deprecated in favor of driver from
oslo_messaging_notifications

Change-Id: Id5629cb631b23887383fa23f472052477edbc4eb
2019-03-28 17:33:58 +00:00
caoyuan 8ddb25da3f Clean up the remaining stuff for dashboard
The tacker horizon is been done in openstack-ansible-os_horiozn[0],
the temporary tacker horizon dashboard setup should be removed.

[0]: https://review.openstack.org/#/c/603832/

Change-Id: Iccbb526773694b486534ffe16927237cb7c76371
Closes-Bug: #1796015
2018-10-04 14:36:25 +08:00
Jesse Pretorius 142dadbf29 Use a common python build/install role
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.

We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.

This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:

1. Replaces 'developer mode' with an equivalent mechanism
   that uses the common role and is simpler to understand.
   We will also simplify the provisioning of pip install
   arguments when doing this.

Depends-On: https://review.openstack.org/598957
Change-Id: I8b213b0590891b7862aa304f01504295371ea167
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
2018-09-03 17:46:02 +01:00
Jesse Pretorius f02127ab83 Update paste, policy and rootwrap configurations 2017-12-19
The locations of the previously included templates have been
moved to the standard location used in all other roles. This
helps to allow the sources-branch-updater script be able to
automatically place the updated files processed from the
upstream git repositories.

As there is now a rootwrap filter file, the appropriate tasks
to create the directory and to add the file have been
implemented. A little clean-up of syntax of tasks near those
modified have been included.

Finally - to resolve the ansible-lint issue the use of
systemctl has been removed.

Change-Id: I9b64d5e99dc81a6f35d74c0366ee2bbe7d15d327
2017-12-20 18:48:29 +00:00
root bb87b62ea4 first commit 2016-09-20 19:19:12 +00:00