Commit Graph

15 Commits

Author SHA1 Message Date
Damian Dabrowski 2d1f4b405b Add TLS support to trove backends
By overriding the variable `trove_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the trove backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I15223354a28f0cc6c203f0cb3a19b9af834d4158
2023-04-29 18:44:15 +02:00
Dmitriy Rabotyagov 62977e30f6 Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: I5ba33177a121d75e92a929e5bd81cfd4872ef406
2023-04-11 14:32:33 +00:00
Jonathan Rosser 9762f84a34 Remove legacy policy.json cleanup handler
Change-Id: I0078082f2701f4bec072c0c931996c2ee8c4af76
2022-02-02 04:24:32 -05:00
Dmitriy Rabotyagov 21619ca389 Adjust service restart handlers
We should make service restart handlers more universal, since
there might be cases where api and taskmanager are placed on different
hosts. So we should restart services only when they are present, and
filtered_trove_services helps us here as defines only services that
should exist on the host.

This also align handler with other services and fix taskmanager restart
as it is missing now but conductor is restarted twice instead.

Change-Id: Ia5c92f312a773c88563c61bba327f07ef369d62c
2021-04-26 12:39:46 +03:00
Dmitriy Rabotyagov c92b99d3f4 Update trove configuration
We haven't payed attention to the trove for a while and we need to
align configuration with current state of the service.
trove-conductor and trove-taskmanager configs are not
loaded by trove services anymore (at least by default), so we merge all
options into trove.conf

Also defaults and deprecated options are dropped from the config.

We implement bunch of new variables to cover missed logic and
some usecases.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/784565
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/784113
Change-Id: I2ba758de38ed3fee10fe1485aa25621eddbf9046
2021-04-14 10:18:29 +00:00
Dmitriy Rabotyagov eccf80bb7f [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.

We make a separate task not to restart service when it's not needed.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I866fea573429ddcedf1547d9fa8a7caae448eca2
2021-03-30 16:54:44 +00:00
Dmitriy Rabotyagov 00ab880a0d Drop mod_wsgi support
As we don't provide wsgi file for mod_wsgi deployment (despite
having task to do that) and trove package don't contain wsgi application
we should drop apache mod_wsgi part of the setup as it's not functional.

Change-Id: I0a12fad27d3f994d79ead52ac90873a1e1362144
2019-09-04 14:47:05 +03:00
Jesse Pretorius 92614127c7 Use a common python build/install role
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.

We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.

This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:

1. Replaces 'developer mode' with an equivalent mechanism
   that uses the common role and is simpler to understand.
   We will also simplify the provisioning of pip install
   arguments when doing this.

Depends-On: https://review.openstack.org/598957
Change-Id: Iaff49b75b03635fb07260c9a96f6459d270aed83
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
2018-09-03 17:57:33 +01:00
Jean-Philippe Evrard 1b03c3debe Fix usage of "|" for tests
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.

This should fix it.

Change-Id: I27326b56cfec69444dae0ca1c7abf0b78ad2299b
2018-07-12 17:02:29 +02:00
Kevin Carter 51fa0eb892
Convert role to use a common systemd service role
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing features
or functionality. The intention of this change is to ensure uniformity and
reduce the maintenance burden on the community when sweeping changes are
needed. The exterior role is built to be OSA compatible and may be pulled
into tree should we deem it necessary.

Change-Id: Id833d4ecf9d17bb74c1c0702c00ace241ac48873
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-03-30 23:06:06 -05:00
Andy McCrae bfdbbf6065 Remove Trusty support from os_trove role
Change-Id: I5f9d920cc99bcc62859663434b2615c317d8fbdc
Implements: blueprint trusty-removal
2016-12-15 15:10:27 +00:00
Kyle L. Henderson a90e7afc5c Update role with fixes for AIO testing
While doing some preliminary testing using a prototype AIO, the
following issues where observed and fixed.

The trove CLI is expecting the service name to be 'database' in
keystone.  Update from 'dbaas' to 'database'.

Add the tenant id to the trove service URLs, they are needed.

Ignore failures when restarting services since all trove services
are attempted to be restarted in all trove containers, which
produces invalid combinations.

When calling the trove-manage CLI to create the DB, provide the
trove conductor conf file so the CLI has the DB connection
information.

Add a blank line after the transport_url specification, otherwise
the following line is added to the URL and forms an invalid value.

Add Nova and Keystone configuration values to the trove api conf
file since they are needed by the trove api service.

Add Nova configuration values for the trove task manager service.

Default to using the internal URL to for nova client.

Change-Id: If70077ea5d66151999b8965c218e4cb853e6f81a
2016-09-15 12:41:14 -05:00
Donovan Francesco 3455ec7579 Deploy Openstack-Trove (DBaaS)
This commit allows the deployer to create 3 containers to run
Trove-API, Trove-Conductor and Trove-Taskmanager.

Change-Id: If93330d48f53745d45af351b9de9a4a733af943a
2016-09-01 15:17:08 +02:00
Donovan Francesco (IS) 28f3145e6b Update 2016-08-25 14:56:41 +02:00
Donovan Francesco 4b80fd260d Initial Commit 2016-08-25 14:54:34 +02:00