With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I9aaf6680c274453a16b6f9879cf488ae2050e71f
By overriding the variable `tacker_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the tacker backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Ib5dd3a2494bed81add670e331085294910d7f425
There's a long-standing bug from 2017 that tacker requires scheduler
service to run. However it seemed no real interest to tacker among OSA
users. Nevertheless it's better late then never fixing it.
Change-Id: I70264ef5ffd6ebb851e4d3c4c86c28ea222f7139
Closes-Bug: #1710874
This line snuck in with I854ca5c48f487ed140aafcb79e4ac0cd60b83597
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: Iae73c52c2c29db0952f7d8a5ae35b92088affe5a
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I9fa323e544849f7c24ccd7b860160bb5756ada28
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I854ca5c48f487ed140aafcb79e4ac0cd60b83597
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.
Change-Id: I5c92722d5e7c49d0a01c7e9dbd0b254b5bea6dc4
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Change-Id: I065c079fb95f299f90b51e22e8aad42fc5dbb618
This patch refactors the openstack user/service/endpoints creation to
service_setup.yml which will eventually be managed by
openstack-ansible-tests.
Change-Id: I4af14b99ec618bb9c26c77a4e43b6e6d3b968d35
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.
Change-Id: Id68c80b52fe72bd209e96dba230b4f2cb12f900d
This patch refactors the database creation to db_setup.yml which
will eventually be managed by openstack-ansible-tests.
This also re-orders the mq_setup to be done earlier so these system
level dependencies are ready before service activation.
Change-Id: I9073e2d4152a2e0b91e51411d375b2814458e102
The variables tacker_developer_mode and tacker_venv_download
no longer carry any meaning. This review changes tacker to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.
As part of this, we move the source build out of its own file
because it's now a single task to include the venv build role.
This is just to make it easier to follow the code.
We also change include_tasks to import_tasks and include_role
to import_role so that the tags in the python_venv_build role
will work.
In addition tacker init was replaced by the standard systemd_service
role. Due to this was added new variable tacker_init_config_overrides.
program_override variable has no influence now.
In config notification_driver was deprecated in favor of driver from
oslo_messaging_notifications
Change-Id: Id5629cb631b23887383fa23f472052477edbc4eb
The tacker horizon is been done in openstack-ansible-os_horiozn[0],
the temporary tacker horizon dashboard setup should be removed.
[0]: https://review.openstack.org/#/c/603832/
Change-Id: Iccbb526773694b486534ffe16927237cb7c76371
Closes-Bug: #1796015
The use of 'include_tasks' and a loop of variables creates
a situation where a user is unable to use tags to scope the
inclusion of only the MQ tasks when running the playbooks.
The use-case this is important for is when the rabbitmq
containers are destroyed and rebuilt in order to resolve
an issue with them, and the user wishes to quickly recreate
all the vhosts/users.
Ansible's 'include_tasks' is a dynamic inclusion, and dynamic
inclusions are not included when using tags. The nice thing
about dynamic inclusions is that they completely skip all
tasks when the condition does not apply, cutting down deploy
time. However, given the use-case, we should rather take on
the extra deployment time.
This patch changes the dynamic inclusion to a static one,
adds a 'common-mq' tag to cover all MQ implementations,
and re-implements the 'common-rabbitmq' tag for the tasks
that relate to RabbitMQ specifically.
It also implements conditionals for each task set so that
the rpc/notify tasks can be skipped if a vhost/user is not
required for that purpose (eg: swift does not use RPC, and
most roles will not use notifications by default).
Depends-On: https://review.openstack.org/588191
Change-Id: I336d5520875dca8c5aac9455f3a22e903123d3a9
There is no record for why we implement the MQ vhost/user creation
outside of the role in the playbook, when we could do it inside the
role.
Implementing it inside the role allows us to reduce the quantity of
group_vars duplicated from the role, and allows us to better document
the required variables in the role. The delegation can still be done
as it is done in the playbook too.
In this patch we implement two new variables:
- tacker_oslomsg_rpc_setup_host
- tacker_oslomsg_notify_setup_host
These are used in the role to allow delegation of the MQ vhost/user
setup for each type to any host, but they default to using the first
member of the applicable oslomsg host group.
We also adjust some of the defaults to automatically inherit existing
vars set in group_vars form the integrated build so that we do not
need to do the wiring in the integrated build's group vars. We still
default them in the role too for independent role usage.
Finally, we remove the test mq setup tasks and clean up any unused
or unnecessary variables configured in tests.
Change-Id: I481b2358bf3b93fba3057b825fc9e0f626d616ba
https://review.openstack.org/#/c/485259/ is throwing linters problems related
to this role. I think all of them are fixed with this patch
Change-Id: If3924bb1b7823a9c70edf68d0127b9415885a2d9
- Make possible to use gerrit with tacker role
- Introduced Vagrant file like the other roles
- Introduced gating files
- Introduced basic docs
Change-Id: I632010fe7de9a91614bc8088fa7321847f3aa9c1