Due to the shortcoming of QManager implementation [1], in case of uWSGI
usage on metal hosts, the flow ends up with having the same
hostname/processname set, making services to fight over same file
under SHM.
In order to avoid this, we prepend the hostname with a service_name.
We can not change processname instead, since it will lead to the fight
between different processes of the same service.
[1] https://bugs.launchpad.net/oslo.messaging/+bug/2065922
Change-Id: If92f81bee0ffd3556e1b1e1f26e7572af04ff1b2
<service>-config tags are quite broad and have a long execution
time. Where you only need to modify a service's '.conf' file and
similar it is useful to have a quicker method to do so.
Change-Id: I6b168e0bfbc0cf0fa3847a5cdfd9f6dda3d1d64e
This unifies approach for common resource management, like image
uploads.
With that we also split network creation with information fetch about it
to include role only once and save execution time.
Change-Id: Ib0126a0ac70aa613296a8d6e1ca61b34e22b02c2
During last release cycle oslo.messaging has landed [1] series of extremely
useful changes that are designed to implement modern messaging
techniques for rabbitmq quorum queues.
Since these changes are breaking and require queues being re-created,
it makes total sense to align these with migration to quorum queues by default.
[1] https://review.opendev.org/q/topic:%22bug-2031497%22
Change-Id: Icd659cdf4c817d100668ab9c5639288b63078c38
In order to be able to globally enable notification reporting for all services,
without an need to have ceilometer deployed or bunch of overrides for each
service, we add `oslomsg_notify_enabled` variable that aims to control
behaviour of enabled notifications.
Presence of ceilometer is still respected by default and being referenced.
Potential usecase are various billing panels that do rely on notifications
but do not require presence of Ceilometer.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/914144
Change-Id: I061653c3976458c0161915b7273f1ee2c575df13
In order to allow definition of policies per service, we need to add variables
so service roles, that will be passed to openstack.osa.mq_setup.
Currently this can be handled by leveraging group_vars and overriding `oslomsg_rpc_policies` as a whole, but it's not obvious and
can be non-trivial for some groups which are co-locating multiple services
or in case of metal deployments.
Change-Id: I9faab7b89cc870a3580c622d3a9bab79c7500e8e
As it's recommended to have an independent RabbitMQ cluster for Trove
Guestagent, we need to make it possible to easily use also different
user/password set for it.
It's also important to control quorum queues independently, as migration
between quorum queues and classic queues for guestagent cluster
is quite cumbersome and potentially should be avoided as might
bring severe disturbances.
Change-Id: Ib68778a8cb8535d7400be04f02d332ba0344d20e
While adding support for quorum queues it was missed to reflect changes
for guestagent settings, which leads to invalid configuration
Closes-Bug: #2056663
Change-Id: Id8a428686287ec4067c5eeec12d65329d0248669
While adding TLS support for RabbitMQ it was missed to configure
notifications for Trove guestagent.
Related-Bug: #2056663
Change-Id: Iad29d9f4f344861e3fa9a959c2c03d5a3f87c430
With efforts to create a resources in same, unified way,
we convert tempest role to use openstack_resources
for creating and managing openstack resources, like projects, flavors,
networks, images, etc. This should reduce maintenance costs
in case of futher collection updates and unify approach.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/878794
Change-Id: I848ab09f8b6c81681f0ce0b5c0cc53b5653791c5
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Change-Id: I78c71cb33f456cfd8d255446d708a1a957e32440
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.
The patch will ensure that constraints are used an we should not face
simmilar issue again.
TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.
Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.
Change-Id: I8c1c5c930a72ffd0d79ffeab46421c04b7ced0ca
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Iaab0ad50fd65287094522f77283a0112859d7730
By overriding the variable `trove_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the trove backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I15223354a28f0cc6c203f0cb3a19b9af834d4158
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I5ba33177a121d75e92a929e5bd81cfd4872ef406
With ansible-collection version 2.0 return of project_info module
has changed. We need to adopt usage of module return to the new format.
Change-Id: Ib4f3ced7f2175e5187f8c16f88fbfbcb3a472d0b
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I7cd73a8e8eccf28e3991913a35aa3ac9e847774f
With commit [1] to collection output structure of networks_info module
has been changed. With that we adpot to the new format.
[1] 9272146cf7
Change-Id: Ia0d50b96a4af59352a89c566137d8b0208338b6b
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I7b01de89b459b4992ed9531e6c81259af21ba997
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: Iabdc99ad150ea318263b4c384b26160c4b6c816a
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I41a360e6f99ecd0ca5e4c13888bff4f363d8bc33
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: Ie9591c96d1e5c8f4dcf04524c04056934ceb00db
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: I377c7b182861a8c53c3ab43690c2bed0d648f3ae
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: I27bbc7b97a2fec235d43b4ca502a3667450dc1fa
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.
Change-Id: I2587d1c6ec05d5a31a69143eecc16f7b84dce669
We should make service restart handlers more universal, since
there might be cases where api and taskmanager are placed on different
hosts. So we should restart services only when they are present, and
filtered_trove_services helps us here as defines only services that
should exist on the host.
This also align handler with other services and fix taskmanager restart
as it is missing now but conductor is restarted twice instead.
Change-Id: Ia5c92f312a773c88563c61bba327f07ef369d62c
By default OSA shares `service` project across services. So we should
not override _project_description with services
Change-Id: I0e194c5bf0ae4de1c9dd906c36955b6217d3f601
Since Trove requires guest network to be passed to the rabbitmq it makes
sense to use standalone rabbitmq cluster and instruction about how to do
might be useful
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/784780
Change-Id: Ibbc6faa2a5d5b3af39db9ae214ba9087a777a0eb
We haven't payed attention to the trove for a while and we need to
align configuration with current state of the service.
trove-conductor and trove-taskmanager configs are not
loaded by trove services anymore (at least by default), so we merge all
options into trove.conf
Also defaults and deprecated options are dropped from the config.
We implement bunch of new variables to cover missed logic and
some usecases.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/784565
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/784113
Change-Id: I2ba758de38ed3fee10fe1485aa25621eddbf9046
This migrate trove-api to usage of the uwsgi from native service to
align with other service way of deployment and since that's how service
is tested in devstack.
Change-Id: I83ad3af282942ff9714757e863f393894ac35f45