Commit Graph

69 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov 3125263df0 Stop generating ssh keypair for zun and kuryr user
There is no obvious need to have SSH keypairs for zun and kuryr users.
I was not able to find any proof in the project installation guide that
such keypairs were ever needed. Thus, such functionality is removed.

Change-Id: Icdaf2fec944aae95947ff421bf47d88e0cc0505e
2023-10-14 08:48:05 +00:00
Dmitriy Rabotyagov dddc665165 Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that are enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metadata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Ice967ef99da11e6bd5a7dffc0a5e3d377f8598f4
2023-07-14 21:30:29 +02:00
Damian Dabrowski aaf4b3f201 Add TLS support to zun backends
By overriding the variable `zun_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the zun backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I85f90c573007f422b004b41e785bd1c86a21ec92
2023-05-19 09:06:00 +00:00
Dmitriy Rabotyagov 51e347dcb9 Install kata containers from source
At the moment there are no repositories for Ubuntu/Debian
to install kata from. The only options are snap or source installation.

To avoid using snap, we're fetching kata release from github and
proceeding with source installation.

With that we also update docker version to existing in the repos,
as otherwise it gets 23.0.0 installed, which fails to start up
due to removal of standalone mode support.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/883194
Change-Id: I3ee976062d9288536270f9b1d80750749174af22
2023-05-19 09:01:00 +00:00
Dmitriy Rabotyagov 53ad680494 Move etcd installation to playbook
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/847362
Change-Id: Ifb111105b63515449c07ffcd27b72bb9eceab83d
2022-06-23 17:34:19 +02:00
Zuul 0d971e9837 Merge "Support service tokens" 2022-06-17 10:44:23 +00:00
Dmitriy Rabotyagov 04b99a0f81 Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.

Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Id451d06bcc40c94e9ef021dd7e3c1d14703e73cc
2022-06-16 19:24:26 +00:00
Dmitriy Rabotyagov 9a39e22b0f Remove mention of haproxy-endpoints role
Role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.

Change-Id: Ie8f7af4f4028e3447319039fee8b0f82005c7add
2022-06-14 20:06:38 +02:00
Zuul 253f385a38 Merge "Use common service setup tasks from a collection rather than in-role" 2022-02-21 13:06:00 +00:00
Jonathan Rosser f329b2a7eb Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.

This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.

Change-Id: I526486a8644a8d2065a720657603ddff3c6bdaec
2022-02-03 17:27:47 +00:00
Jonathan Rosser b0f47ab726 Use common service setup tasks from a collection rather than in-role
Change-Id: Ide03555f73310f30bfb481addff528cd38f19736
2022-02-01 19:19:30 +00:00
OpenStack Proposal Bot 132afb8670 Updated from OpenStack Ansible Tests
Change-Id: Ife0214e2da129c5f3b2ffb3475bb0d91a7fcf3c5
2021-12-04 17:42:06 +00:00
Dmitriy Rabotyagov ae6f549766 Refactor definition of lock path
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819300
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/819298
Change-Id: I0fb662cc3fe241bf3934306b7ee8a3c8fdbcf747
2021-12-02 10:10:56 +00:00
Dmitriy Rabotyagov 019bea7ce8 Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814

Change-Id: Iaf7027616c1c99121b07fb26fe9261e546d084df
2021-12-01 18:16:06 +00:00
Jonathan Rosser 599e30daaa Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: Ie427a6343fd888c9a1dd5c37a6285d33cd008b3e
2021-05-05 11:57:35 +01:00
Zuul f1c847b1df Merge "Allow to override zun policy files" 2021-04-21 23:16:35 +00:00
Zuul 77b0d49ba1 Merge "Fix u-c filter regex" 2021-04-21 17:50:54 +00:00
OpenStack Proposal Bot ec2a8eb1b1 Updated from OpenStack Ansible Tests
Change-Id: I4ac5aa9db822a27fb01918e11152e25e3c7bcc04
2021-04-19 10:00:28 +00:00
Jonathan Rosser 3a475d910d Fix u-c filter regex
Change-Id: Ib66d7ad37baffd6829b750441cb7e37084311564
2021-03-30 10:19:38 +01:00
Dmitriy Rabotyagov 513e730990 Allow to override zun policy files
We implement `zun_policy_overrides` variable in order to allow
management of zun policy files when needed.

Change-Id: If58446a2ca1aa645e098df86c3d76c8ac94bf1a1
2021-03-22 20:16:31 +02:00
Jonathan Rosser 83694d6750 Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible

Change-Id: I59e808ff2dc75e36890d271db0ba7f40f9c108ed
2021-03-10 12:16:40 +00:00
Zuul 9c93bfa12a Merge "Improve image and network cleanup procedure" 2021-03-01 10:45:08 +00:00
Andrew Bonney b5bd190e24 Improve image and network cleanup procedure
This adds periodic cleanup of the directory which zun uses to
temporarily cache images loaded from Glance to avoid it becoming
too large.

Docker image cleanup is adjusted to make it less aggressive as
the 'until' filtering has been seen to clear images which were
created more recently than one hour.

The network pruning is removed as this causes zun to become out
of sync with Docker which can prevent creation of new containers
on pruned networks.

Finally, the default is to leave cleanup disabled so that it can
be enabled purely based upon user preference.

As Systemd timers cannot be disabled, this is achieved via a file
presence check which can be overridden for manual execution.

Change-Id: I4532d9975a2e68a12a7755ca3798a59f4928593c
2021-02-19 09:37:32 +00:00
Dmitriy Rabotyagov 0cd6894281 Remove pre-flight checks
Change-Id: I73d498dc3143d3c29df426676ffbe93ef494db31
2021-02-15 19:33:19 +02:00
Zuul 695af8ba41 Merge "defaults: set up docker overrides using systemd role" 2021-02-12 10:45:45 +00:00
Jonathan Rosser fe94ff67b3 Move zun pip packages from constraints to requirements
This is necessary to use the new pip resolver

Change-Id: Ia3782bf272a5970b6992d82e6732854af5e7a561
2021-02-07 19:39:47 +00:00
Andrew Bonney 7cc411f944 defaults: set up docker overrides using systemd role
Following on from https://review.opendev.org/765815, this change
moved the custom Docker configuration into variables rather than
its own template.

Depends-On: https://review.opendev.org/771216
Change-Id: I79371382227d0e9fdb710bff3875dc492210eae5
2021-02-01 08:26:07 +00:00
Andrew Bonney fb440ce3d0 Add support for kata container runtime
This adds support for kata containers by installing and configuring
the relevant runtime.

The default remains as 'runc' but can be adjusted using the
variable added to the defaults.

Change-Id: Iea07012d092333c656b397f97b541a2f0a5f0e44
2021-01-12 08:30:57 +00:00
Andrew Bonney 6045bac2e8 Add timed cleanup script to handle old Docker data
The Docker image cache does not get emptied automatically and
can take up significant disk space. In addition, old networks can
leave iptables rules, network devices and routing table entries
behind.

This patch adds a periodic timer job to delete this data where it
is safe to do so and won't impact existing containers.

Change-Id: I7045fcbb8bcd7a9744cc35fb2668016bacab4f1b
2021-01-08 09:14:00 +00:00
OpenStack Proposal Bot f82044fc52 Updated from OpenStack Ansible Tests
Change-Id: I14168ae45eb19d4fca10f9803ca559332abf7ec8
2021-01-04 10:17:40 +00:00
Andrew Bonney 6d6a4beb28 Update zun role to match current requirements
Brings together a set of existing patches and attempts to address
permissions issues with the kuryr-libnetwork plugin.

Defaults are chosen to match the requirements of the tempest tests

Change-Id: Ie674947ba6673a92e53f85de2cc8acdae5788f8f
Depends-On: https://review.opendev.org/767469
2020-12-17 08:44:37 +00:00
Dmitriy Rabotyagov 07d7845820 Use the utility host for db setup tasks
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.

Change-Id: Ic57de36d5d240e6a5dda6e1794aa04d1f77fb962
2020-08-20 19:51:42 +03:00
OpenStack Proposal Bot 767a11450c Updated from OpenStack Ansible Tests
Change-Id: I0dbbb49cab0bd28f83f4b8fd003c25e579bfa007
2020-08-12 11:35:56 +00:00
root 649f8f0368 Add centos-8 support
Renaming redhat-7.yml to redhat.yml for centos-8 support.

Depends-On: https://review.opendev.org/742166
Change-Id: I05f91dbcd64c8b3f113a920b32ce603bdd58a0d0
2020-08-04 14:14:45 +00:00
OpenStack Proposal Bot bc3de56005 Updated from OpenStack Ansible Tests
Change-Id: Id4bf83b08b6324678ab34817d4e64b44281f4a35
2020-06-08 19:57:39 +00:00
Dmitriy Rabotyagov bc39aac81b Start using uWSGI role
Move service to use uWSGI role instead of internal python daemon.
This aims to unify deployments by using uwsgi for all services
api which support using them as wsgi applications.

Depends-On: https://review.opendev.org/693528
Change-Id: I69044a13106f16bbbef8ae83e79a08aa127a7d2a
2019-11-08 16:36:56 +02:00
Jonathan Rosser 5425851cf3 Allow venv python interpreter to be overridden
Change-Id: Idf31f0a3cda2932ba041defef803ac66c88a2e8e
2019-11-07 14:59:14 +00:00
OpenStack Proposal Bot 0f95ff232f Updated from OpenStack Ansible Tests
Change-Id: I4bd36131ea9a85cd467e57529861be05b2508ea6
2019-09-04 15:20:07 +00:00
Dmitriy Rabotyagov 54c580ced0 service_setup: refactor service setup to a single file
This patch refactors the openstack user/service/endpoints creation to
service_setup.yml which will eventually be managed by
openstack-ansible-tests.

Change-Id: I8c9d80b5396ef486f1fd70857b0d8ebbffdf87a6
2019-08-08 14:32:18 +03:00
Dmitriy Rabotyagov 0839ec0935 Use systemd-journald instead of log files
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it duplicates
requests that are logged by service itself.

Change-Id: Id466ac20d9d18fa86a4615a73433a51720bafc8e
2019-07-17 20:32:48 +03:00
Zuul 4329f2f3e5 Merge "Updated from OpenStack Ansible Tests" 2019-07-15 21:27:51 +00:00
OpenStack Proposal Bot 2e07702b34 Updated from OpenStack Ansible Tests
Change-Id: I1db75e2e7cb4b9656cdde2c1f4b8f8c472291081
2019-06-27 10:23:46 +00:00
Dmitriy Rabotjagov 373e2d3042 Convert dynamic includes to static imports
When task/role files are included using include_tasks, tags are not
passed to the included tasks. As a result, tags like neutron-config
do not have the intended effect. This patch changes include_tasks
to import_tasks for all cases where dynamic vars or loops are not used
so that tags are properly handled.

Reference -
https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse.html
https://bugs.launchpad.net/openstack-ansible/+bug/1815043

Change-Id: I7c4c7e6887cc756998ce028355402705a45e18ed
2019-06-24 19:26:20 +00:00
Dmitriy Rabotjagov 0475d4218e db_setup: refactor database setup to a common file
This patch refactors the database creation to db_setup.yml which
will eventually be managed by openstack-ansible-tests.

Additionally enabling extras repo for centos, since it's not
enabled by default but required by docker

Change-Id: I441feb4b74b72002af0284137e6025821024979e
2019-06-24 21:16:21 +03:00
OpenStack Proposal Bot d7a91ed14a Updated from OpenStack Ansible Tests
Change-Id: I2c70a99d005eb4d7879de0105c924393f01b6288
2019-05-09 11:35:47 +00:00
OpenStack Proposal Bot cb1f62e253 Updated from OpenStack Ansible Tests
Change-Id: I3b745a3695f0498681b3c88ea3281699608c0aa5
2019-04-17 19:12:29 +00:00
OpenStack Proposal Bot 229a850c47 Updated from OpenStack Ansible Tests
Change-Id: I90f974021ef08c390ae59ffa2f123a747051bc9d
2019-04-17 07:26:12 +00:00
OpenStack Proposal Bot 3814184679 Updated from OpenStack Ansible Tests
Change-Id: Iceb19e0b004ec00669fd6a3fbf98c09e4d42f4ac
2019-04-13 20:24:10 +00:00
OpenStack Proposal Bot 9e7c673605 Updated from OpenStack Ansible Tests
Change-Id: Ifd9b23af12f4a56309ac9f8d30dd0737ddf1b157
2019-04-01 13:19:37 +00:00
Dmitriy Rabotjagov 0684afa2c5 Update role for new source build process
The variables zun_developer_mode and zun_venv_download
no longer carry any meaning. This review changes zun to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.

As part of this, we move the installation out of its own file
because it's now a single task to include the venv build role.
This is just to make it easier to follow the code.

We also change include_tasks to import_tasks and include_role
to import_role so that the tags in the python_venv_build role
will work.

As part of commit xenial testing was removed. Instead centos 7
and opensuse 15 functional tests were added.

Change-Id: Ic8fc09372cf7397df6757c115b2c05dbb5db68f1
2019-03-29 12:43:52 +02:00