* Update openstack-ansible-ceph_client from branch 'master'
to 2bb6cdf4811223406a95486be7d588d168f92c73
- Don't load systemd parent service for object cache
We use the systemd_service role to load a drop-in for all
services which fall under the 'ceph-immutable-object-store'
banner, but this isn't a service in its own right.
Attempting to load the service on Ubuntu Jammy results in
an error, so we prevent loading it, and leave enabling of the
individual service up to an existing later task.
Change-Id: If9c46d22f42bc3765b217b0fbc736331bf337557
* Update openstack-ansible-ceph_client from branch 'master'
to 721e96f145d4b1c6bd385616e14d40a2b8f546b7
- Align extra conf files mode
When placing ceph_extra_confs files to their destination, they're being
assigned mode 0644 with root:root ownership. However, when we're overriding
some sections in config files, we also accidentally change mode of these
files to 0640 which makes issues while reading them by clients and
makes role not idempotent.
This issue was introduced by this commit [1]
[1] https://review.opendev.org/c/openstack/openstack-ansible-ceph_client/+/888216
Change-Id: I5fe0fff9616e0829b83f61bd1b062cfd978543d6
* Update openstack-ansible-ceph_client from branch 'master'
to 6bb5f7dcdbeb60fc9c3fb50437f4766cc61b954c
- Add backwards compatibility of ceph_components format
With [1] we have broken compatibility of potentially provided extra components
config without any notice.
In order to handle this now we fix backwards compatibility along with
adding a deprecation note on the format of ``client``.
[1] https://review.opendev.org/c/openstack/openstack-ansible-ceph_client/+/882827
Closes-Bug: #2047783
Change-Id: I89b67f0f0545d799194d8486a6bb25227279af84
* Update openstack-ansible-ceph_client from branch 'master'
to 43c9071f4f3acc827fd079ba0823bcbd4052b5e2
- Merge "Allow to distribute custom key with the role"
- Allow to distribute custom key with the role
Right now we have quite strong assumption that `nova_ceph_client` should be
present among clients to fetch. At the same time, in case the role is
included outside of the OSA context, ceph_client_filtered_clients might
not contain all users we expect to see.
With that we alter the logic to fetch nova key not only when role is launched
against compute host, but also when the client is present in the list.
Change-Id: I7810881a01b9d2f3d98a6c3ad590b9ea63358011
* Update openstack-ansible-ceph_client from branch 'master'
to 5351a2a96d3713a6bd87d6485a68f9a5b4bbdcde
- Add AppArmor configuration for ceph read/write caching
When Ceph read/write caching uses paths which aren't already
covered by the libvirt/qemu apparmor rules then additional
configuration is required to ensure VMs don't fail to boot.
Change-Id: I2dff4bf54191b763e25625aa7a10bceaa1f6e595
* Update openstack-ansible-ceph_client from branch 'master'
to d08604184249858dddb97999042a78c564b70823
- Define constraints file for docs and renos
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.
The patch will ensure that constraints are used an we should not face
simmilar issue again.
TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.
Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.
Change-Id: Ic3ca23b672414d1944069b274d709e3a3d94de43
* Update openstack-ansible-ceph_client from branch 'master'
to 05e3c0f18394e5f23d79bff08280e9c09af7b5ca
- Apply tags to included tasks
In order to be able to use tags to run systemd_service role solely,
they must be applied properly when role is included.
Change-Id: Ic382ddfc0e79e3b9dfdeeaabdf131466127756f2
* Update openstack-ansible-ceph_client from branch 'master'
to 94a58e398bd39ba74268f8da762808876afb8d6a
- Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: Idb2dd6cd4bbf815e4b32c9bfbe9a66f33e1c4b97
* Update openstack-ansible-ceph_client from branch 'master'
to 22a63c5918ffa7cab48acc50e1a877d50b9425ba
- Merge "Fix retrievement keyrings from files"
- Fix retrievement keyrings from files
With [1] usage of custom owner/group has been introduced. It
converted client to be a list of mappings but it was missed in 1 place.
[1] fdd2aaa00b
Closes-Bug: #2024339
Change-Id: Icfc16ca25f0b6b45a0de0bcdf4eac71ab302a120
* Update openstack-ansible-ceph_client from branch 'master'
to e819854b0ff280c60f806c2e0e99eca50fea3110
- Fix permissions for ceph cache directories
These difrectories very specific permissions to match up with the user
and group membership.
Change-Id: I711b32a5951357b726c4b4b64e534bcd72e6c4f4
* Update openstack-ansible-ceph_client from branch 'master'
to 9ee3bb24f6da75d5a88cdb3d7aaeac2e016258c2
- Add ceph client and configuration for immutable object cache
See [1] for details of this ceph component. Optionally deployed
on nova-compute nodes to accellerate access to read-only data
for volumes created from snapshots.
[1] https://docs.ceph.com/en/latest/rbd/rbd-persistent-read-only-cache/
Change-Id: I34f2f403d03cc95f593f21c717609b9858b8d989
* Update openstack-ansible-ceph_client from branch 'master'
to f7cd0b0edaa20b88f81cb99505d113c4d33bbdc1
- Allow ceph clients to be enabled or disabled
Some clients, like the immutable object cache need
to be optional.
Change-Id: I5e78521a8530ef58bba5d17e96213391747e29bb
* Update openstack-ansible-ceph_client from branch 'master'
to fdd2aaa00b3753b393be5768f730f58d0a1e3b04
- Allow ceph client keyring files to have custom owner/group/mode
This is required for a future patch enabling the ceph
immutable object cache.
Change-Id: Ifd78224acf389200a79aea25461b499a7c0da5d1
* Update openstack-ansible-ceph_client from branch 'master'
to 3502645d5a8f8aeb3ebe1275f467ecb4aee9edd5
- Remove conditional code for ubuntu version earlier than 20.x
This has not been supported for a while in openstack-ansible so
tidy up the old code.
Change-Id: If3e0d8205a33b00a07bea530d9d7317e83f5b0d6
* Update openstack-ansible-ceph_client from branch 'master'
to 420e8376314adebc109293941640f78c9a439fee
- Merge "Improve regexp for fetching nova secret from files"
- Improve regexp for fetching nova secret from files
At the moment regexp we have does require keyring to contain only
key option. If that is full ceph authx file that does also contain
caps, regexp will grab them as well, which will result in a play failure
This patch does improve regexp to grab only key regardless of all other
content that can be present in the file.
Change-Id: I176fbcd4901dfacd4b608fac4d4fbd256d263b2a
* Update openstack-ansible-ceph_client from branch 'master'
to 8e8e86c2eb333a5f6c73adfc31f6eb7c8155f24d
- Merge "Remove functional tests"
- Remove functional tests
These jobs are run, but there is no actual test code executed other
than setting up the test environment them exiting success straight
away.
Change-Id: I1c3a3ef2584c65b9b4e7ee4c869d76c612c476d5
* Update openstack-ansible-ceph_client from branch 'master'
to 9b3bccccf2fbed941f7da3c1d62f550225f6a1b5
- Merge "Unify EPEL gpg key and repo provisioning"
- Unify EPEL gpg key and repo provisioning
At the moment we do install EPEL repo in multiple other roles, like
lxc_hosts or systemd_mount. We're trying to be consistent in ways
of adding them, while ceph_client was slightly different, by carrying on
GPG keys in-repo instead of fetching them from `centos_epel_key` url.
With this patch we unify approach with other roles and reducing
maintenance costs of the repo when adding new distributions
Change-Id: I407256dc6eee3365c4f8c191a1f50717f0b35fa8
Related-Bug: #2013276
* Update openstack-ansible-ceph_client from branch 'master'
to f2a40ab1cd9d3bb048206bc4ff490f696f1b8cd9
- Add thrift to includepkgs from EPEL
Latest ceph releases also require thrift package to be installed,
which is provided by EPEL. We add the package of allowed ones
to come from EPEL.
Change-Id: Id2cd34bf88efbda9ba37710d1052a6f54249b5bf
Closes-Bug: #2013276
* Update openstack-ansible-ceph_client from branch 'master'
to 13d48e96d48004b1d01ca05fe2ebca93b78155d0
- Merge "Define libvirt secrets from keyring files in ceph_extra_confs"
- Define libvirt secrets from keyring files in ceph_extra_confs
Previously this required always access to the mon_host of the Ceph
cluster to fetch the key for volume access. Now this key can be defined
through Ceph keyring files.
Change-Id: Ib2c755d38038b14ca3803de1bb9cbcec122eaa83
* Update openstack-ansible-ceph_client from branch 'master'
to 40b576c7a0c79192446074820d84cf74d0c365af
- Merge "Use correct index of previous task results"
- Use correct index of previous task results
Change-Id: I450515395a510e40debfcdeb04fd98169a7a835e
* Update openstack-ansible-ceph_client from branch 'master'
to b1dff02847d201b28e961a91422c0b6e6ffed783
- Update tox.ini to work with 4.0
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most spread issues we have is using
`whitelist_externals` isntead of `allowlist_externals`
Change-Id: If194947d7929dd251113a0384a3bda3e5fde8915
* Update openstack-ansible-ceph_client from branch 'master'
to 6acf029ad66724e2aaaeb5ea8d766b9dbc19f99f
- Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I534f5bdb19a1e1f75eeeeefbe01c8ec3bcdbe38f
* Update openstack-ansible-ceph_client from branch 'master'
to 6bdf19df35c80fccf75ffd09ecca58d6987d1e0f
- Ensure role not fail when secret_uuid is not part of ceph_extra_confs
Most tasks already check whether secret_uuid is defined but cleanup
tasks do this not and fail.
Change-Id: I31471907cafde83d73c8fa23bca377955523ec71
* Update openstack-ansible-ceph_client from branch 'master'
to edbd5268d34ab684f63d5c0524cb31293435d7ad
- Remove redundant vars line
This line snuck in with I0a8fda2e71e80624edbe271139675a71196b23ef
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: Icf9258e9f7c37e7ae34f6924fae432f15487b260
* Update openstack-ansible-ceph_client from branch 'master'
to b555c1b8c52b0f6e869fac65b539b18f962fcbda
- Do not delegate facts when fetching keyrings
At the moment if multiple clusters are used, like for AZ deployments
when cinder should connect to different ceph clusters, if
ceph_keyrings_dir defined per group_var or host_var, ceph_client_keys
will get defined multiple times each time overriding previous value,
as facts are delegated to the localhost. In order to avoid such
behaviour we define ceph_client_keys for host that delegates job
instead. This way value won't be overwriten and host_vars will be
respected.
Change-Id: I5109322a4ee805f9c0b53142a0e98d3f0aa2d3a5
* Update openstack-ansible-ceph_client from branch 'master'
to b3e7560e8022384b8269d1b380aae9602cea1824
- Provide opportunity to define cluster_name
In some cases, like AZ scenarios, deployments may interact with
several clusters at a time, while they will be distinguished by
the cluster_name. However, ceph_client role now assumes that
cluster name is `ceph` without any way to override such assumption.
Change-Id: I9dcad1e1c63294f4f59a1755507904808acb785e
* Update openstack-ansible-ceph_client from branch 'master'
to d9844a4e9421c5324eeed1a4f811681bebf6f565
- Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: Iacff492513352324cc94535c756b220d4753541d
* Update openstack-ansible-ceph_client from branch 'master'
to 47df3381e2ffcd2017418c1c804004cd6a77a91e
- Merge "Allow service to be absent"
- Allow service to be absent
Currently we assume that there must be a services that needs to be
restarted. At same time it's not always the case, for example when
ceph_client role is used to prepare host for cephfs mount.
Change-Id: I6a5cf134a0117e6d8c12a339713ca425a31b907b
* Update openstack-ansible-ceph_client from branch 'master'
to e094ff467b5d10bcda9eb7d98592a16a32f0fd6f
- Merge "Drop default nova client_uuid"
- Drop default nova client_uuid
We have an override in user_secrets and we should not have default uuid.
Change-Id: I62846bc8df7558f9407e6c1b06a7a96e91e8e177
* Update openstack-ansible-ceph_client from branch 'master'
to 935af2b3245cb3153f4074c066a63eb727bb7b22
- Merge "Drop duplicated group creation tasks"
- Drop duplicated group creation tasks
Exact same tasks are define in tasks/ceph_auth.yml and should cover
needs.
So we can simply avoid running same set of tasks.
Change-Id: I30593660dc6ebab46e20b680b321e3c97315bff4
* Update openstack-ansible-ceph_client from branch 'master'
to 6fbe1ab3c0e0aa9696f473bc6b7f7fe9a0a332ec
- Use global package_state
We missed upating ceph_client_package_state to use package_state
for default value, as other roles do.
So we're fixing it not to update ceph client packages every time, which
can lead to interesting consequences depending on the destination.
Change-Id: I0d6014649307bb6556cdc189cf8d749e1ec9b20a
* Update openstack-ansible-ceph_client from branch 'master'
to e0141577da241b65db7aa2c9e7a4849217f42034
- Merge "Simpify selection of the python interpreter."
- Simpify selection of the python interpreter.
We only support python3 so remove the logic supporting python2
Change-Id: I2bfbd657bf7ed5b042c3640586d8ae80c5b85136
* Update openstack-ansible-ceph_client from branch 'master'
to 3482f1b4d744d79fa16edd8439fd4b3462bbe8ca
- Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I0a8fda2e71e80624edbe271139675a71196b23ef
* Update openstack-ansible-ceph_client from branch 'master'
to 93ca6c6d69f24f94478d7c851693377fa5b0738c
- Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: Iee883f6d9240918c9168a7cd7c6b9dbce02eabfc
* Update openstack-ansible-ceph_client from branch 'master'
to ae7cdd2a974512c356f97ecdee8e03d6d57759ca
- Ensure role not fail when mon_host is not part of ceph_extra_confs
Currently we do not check if mon_host is defined and part of
ceph_extra_confs while attempting to remove files created by previous
steps. This causes failure since keys are not defined and are not required
Change-Id: Id41f9eef3408b75dc1b58a94442910b0394be062
Closes-Bug: #1939454
* Update openstack-ansible-ceph_client from branch 'master'
to 5c686751cb2d1705e1eec05811b39d8309135a6a
- Enable fmt package instalaltion from EPEL
Ceph requires fmt package to be installed for CentOS, which is provided
by EPEL nowadays. So we extend list of packages that needs
to be installed from EPEL.
Change-Id: Idabce1111690b74617f825dfa843c835f53db368
Closes-Bug: #1936182
* Update openstack-ansible-ceph_client from branch 'master'
to e4d8d7836e367821f5f61c306c27123826fc3c7d
- Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I8ccd8ef5cbb4a29b782418ffa33e635962f0941e
* Update openstack-ansible-ceph_client from branch 'master'
to 8948abae9a1a68d3fb1e2537390b6f52bae48cd6
- Fix Remove revoked ceph apt-keys
when running the playbook it does appens that the apt_key task fails.
let's retry in case of failure to mimic the apt-key add that runs later.
Change-Id: Ie745496f515af1461bb8d03ba6b5c7cac5e71150
* Update openstack-ansible-ceph_client from branch 'master'
to 8e7d64641cbad47df51af3a38555bef0f5e01768
- Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654
Change-Id: I46311bb1fafb9d5c401c4899aab64d562117d658