This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Change-Id: I78c71cb33f456cfd8d255446d708a1a957e32440
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I7b01de89b459b4992ed9531e6c81259af21ba997
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: Ie9591c96d1e5c8f4dcf04524c04056934ceb00db
We haven't payed attention to the trove for a while and we need to
align configuration with current state of the service.
trove-conductor and trove-taskmanager configs are not
loaded by trove services anymore (at least by default), so we merge all
options into trove.conf
Also defaults and deprecated options are dropped from the config.
We implement bunch of new variables to cover missed logic and
some usecases.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/784565
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/784113
Change-Id: I2ba758de38ed3fee10fe1485aa25621eddbf9046
This migrate trove-api to usage of the uwsgi from native service to
align with other service way of deployment and since that's how service
is tested in devstack.
Change-Id: I83ad3af282942ff9714757e863f393894ac35f45
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.
config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.
We make a separate task not to restart service when it's not needed.
[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: I866fea573429ddcedf1547d9fa8a7caae448eca2
This patch aims to add a prefix for memcached_server
on each role to give the ability for deployers to
override the location of memcached cluster. I.e users
wants to create a single memcached cluster with k8s
for each service.
We also add pymemcache based on [1]
[1] https://review.opendev.org/711429
Change-Id: I571a0ac9417767af413937e871ea6cdf156f2d75
As we don't provide wsgi file for mod_wsgi deployment (despite
having task to do that) and trove package don't contain wsgi application
we should drop apache mod_wsgi part of the setup as it's not functional.
Change-Id: I0a12fad27d3f994d79ead52ac90873a1e1362144
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.
Change-Id: Ib16362a8becb6666f36e5abdb93c548de2a269da
Trove is now able to properly use the service catalog [1].
We have another[2] patch that this patch depends-on, which
causes us to have a circular dependency. As the change is minimal,
should be ok to squash them together to be able to fix that role.
The paragraph bellow contains the commit message of the patch that is
being squashed.
The 'Get admin tenant id' task was passing invalid arguments to the
os_project_facts module, and the 'Store admin tenant id' task was not
using the correct variable to retrieve the project id.
[1] https://review.opendev.org/#/c/574254/
[2] https://review.opendev.org/#/c/665458/
Change-Id: I779ba715d20d83b1efe4f07226a5eadd7e0a1870
The notification driver setup was resulting in the driver and connection string
on the same line. This is caused by the case statement and how jinja formats
the template when a case statement is present. This change modifies how the
driver string is created using a ternary, which will eliminate the case
statement and render the value of the diver correctly.
Change-Id: Iefcec440db0e61adf8c6ce3a8b8ae9a4125a802d
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This patch add the conditional inclusion of the notification
section of the service configuration. This ensures that oslo.messaging
notifications use the correct transport for deployments that have
separate rpc and notify messaging backends. For example, if the
transport_url is not provided in the notification section of the
service configuration, the transport_url specified in the default
section will be used instead.
This patch conditionally selects the notifier driver. The noop
driver will be selected when notification publishing is disabled.
The messagingv2 driver is selected when notification publishing is
enabled.
Change-Id: Ie967b281e15127bbf611aca557e99ac6b3d1cd4b
Closes-Bug: #1794320
This introduces oslo.messaging variables that define the RPC and
Notify transports for the OpenStack services. These parameters replace
the rabbitmq values and are used to generate the messaging
transport_url for the service. The association of the messaging
backend server to the oslo.messaging services will then be transparent
to the trove service.
This patch:
* Add oslo.messaging variables for RPC and Notify to defaults
* Update transport_url generation (add for notification)
* Add oslo.messaging to tests inventory
* Update tests
* Update docs
* Update extras
* Add release note
Change-Id: Ia01317343ae6fbc790d64b5ba282c8c069750d45
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: I9b21be85a00bf6c4fdeec139a340fecc946d1f87
Implements: blueprint deprecate-auth-uri-option
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing features
or functionality. The intention of this change is to ensure uniformity and
reduce the maintenance burden on the community when sweeping changes are
needed. The exterior role is built to be OSA compatible and may be pulled
into tree should we deem it necessary.
Change-Id: Id833d4ecf9d17bb74c1c0702c00ace241ac48873
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Remove the exists_notification_ticks conf setting that was removed from
Trove 2 years ago.
Remove the exists_notification_transformer setting which enables an optional
function which has been broken since Ocata per bug 1700586.
Change-Id: If9fd396d14907d4f88065ac34f671b3370a1ffa7
Related-Bug: #1700586
Option "rpc_backend" from group "DEFAULT" is deprecated for removal
(Replaced by [DEFAULT]/transport_url). Its value may be silently
ignored in the future.
Change-Id: Ia0c175746a5bdd0f8c722ab214719e77160a0e12
Implements: blueprint deprecate-rpc-backend
Option "rabbit_use_ssl" from group "oslo_messaging_rabbit" is deprecated.
Use option "ssl" from group "oslo_messaging_rabbit".
Change-Id: Ibbd06cb3e65bf9970b0b3de62c9e12ce5fa4f678
Implements: blueprint deprecate-rabbit-use-ssl
The systemd unit 'TimeoutSec' value which controls the time
between sending a SIGTERM signal and a SIGKILL signal when
stopping or restarting the service has been reduced from 300
seconds to 120 seconds. This provides 2 minutes for long-lived
sessions to drain while preventing new ones from starting
before a restart or a stop.
The 'RestartSec' value which controls the time between the
service stop and start when restarting has been reduced from
150 seconds to 2 seconds to make the restart happen faster.
These values can be adjusted by using the *_init_config_overrides
variables which use the config_template task to change template
defaults.
Change-Id: I7f23a74fd644aa0d631e9b0f7d96083b645bc032
The redis cluster port was missing from the trove sample
config files. A fix to trove is proposed here [1].
[1] https://review.openstack.org/#/c/455889
Change-Id: I15268af320dc1734c51a8c17f19335105cd95e8d
To operate properly the trove guest agent needs access to
rabbitmq and also the neutron network for trove to use must
be created and defined in the trove.conf file.
This changeset adds documentation, tasks and
configuration defaults to setup the networking for
trove.
Change-Id: Idcf87c2eef0af475c02412f03433d22d7b08643f
In the Ocata release, trove added support for encrypting the rpc
communication between the guest instances and the control plane.
These settings allow the user to specify installation specific
keys versus using the default keys.
Change-Id: Ie42d754d58e983a15b553ad8a399813c9a700344
This creates a specific slice which all OpenStack services will operate
from. By creating an independent slice these components will be governed
away from the system slice allowing us to better optimise resource
consumption.
See the following for more information on slices:
* https://www.freedesktop.org/software/systemd/man/systemd.slice.html
See for following for more information on resource controls:
* https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html
Tools like ``systemd-cgtop`` and ``systemd-cgls`` will now give us
insight into specific processes, process groups, and resouce consumption
in ways that we've not had access to before. To enable some of this reporting
the accounting options have been added to the [Service] section of the unit
file.
Change-Id: I6dccb6eeabceea30922cbcf3a60e32e841612fd0
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Configure trove_conductor_workers by calculating the default value.
Similar to other services worker threads, the default value for
trove_conductor_workers is half the number of vcpus on the machine.
Also added capping of worker threads for trove.
Change-Id: If853b0e1e45b7137572df8a1123273539343c83e
Closes-Bug: #1664639
Updating the trove-post-install to generate the
trove-guestagent.conf during the os_trove deployment.
Closes-Bug: #1658694
Change-Id: I4d8ac1b40d36b188718a02b89a1ea70fb89e7111
While doing some preliminary testing using a prototype AIO, the
following issues where observed and fixed.
The trove CLI is expecting the service name to be 'database' in
keystone. Update from 'dbaas' to 'database'.
Add the tenant id to the trove service URLs, they are needed.
Ignore failures when restarting services since all trove services
are attempted to be restarted in all trove containers, which
produces invalid combinations.
When calling the trove-manage CLI to create the DB, provide the
trove conductor conf file so the CLI has the DB connection
information.
Add a blank line after the transport_url specification, otherwise
the following line is added to the URL and forms an invalid value.
Add Nova and Keystone configuration values to the trove api conf
file since they are needed by the trove api service.
Add Nova configuration values for the trove task manager service.
Default to using the internal URL to for nova client.
Change-Id: If70077ea5d66151999b8965c218e4cb853e6f81a
This commit allows the deployer to create 3 containers to run
Trove-API, Trove-Conductor and Trove-Taskmanager.
Change-Id: If93330d48f53745d45af351b9de9a4a733af943a