* Update openstack-ansible-os_octavia from branch 'master'
to 59606f0957b7d5ff8b789dcbccb4572f16f52092
- Adopt for usage openstack_resources role
With efforts to create resources in the same, unified way,
we convert tempest role to use openstack_resources
for creating and managing openstack resources, like projects, flavors,
networks, images, etc. This should reduce maintenance costs
in case of further collection updates and unify approach.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/878794
Change-Id: I762ded9b6099ea55e8a19bfb82473b950155eaa4
* Update openstack-ansible-os_octavia from branch 'master'
to 34e0def6ec0ab10e5579555797ef5bf7a846d718
- Remove obsoleted provider drivers
amphorav1 driver has been dropped from octavia early in 2023.2 cycle [1]
[1] 6c0515c988
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/900399
Change-Id: I7afeaca12dd65e5455359e22c21a77191381bc73
* Update openstack-ansible-os_octavia from branch 'master'
to e3c74d18e3d79b512f68053120f0b97169e0f58b
- Adjust condition for availability_zone definition
We're checking if octavia_amp_availability_zone is defined, while the
variable is defined in defaults, so there is no clean way to undefine
the availability_zone except to use config overrides and define to
none.
So we change the condition in a way to allow an empty value to be treated as
False which would result in availability_zone being undefined in the
config.
Change-Id: I86ffd71d6791dec700c381b695ab5a4bca8051a3
* Update openstack-ansible-os_octavia from branch 'master'
to 8da3bddd996f4a77007fcea586d945e6e2403a47
- Merge "Add quorum queues support for service"
- Add quorum queues support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
its behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Change-Id: I4781a0c23274b145970b3269e517c2a62497acc4
* Update openstack-ansible-os_octavia from branch 'master'
to 7710ff484f115f213e5d95aabc90a7fde17372ef
- Merge "Drop Neutron oslomsg configuration"
- Drop Neutron oslomsg configuration
These options were used for lbaasv2 and are not used in Octavia code
for quite some time.
Change-Id: Ie6f21fe9b46c55c37ee88ad911e7c5aa56b9db9c
* Update openstack-ansible-os_octavia from branch 'master'
to ce5c701ab4ad5553955b377943d71ed95b27c3de
- Add security rule for octavia healthmanager
Amphora does report back its status to Octavia healthmanager through
octavia_health_manager_port. This outgoing traffic from Amphora must be
allowed to show LB stats and operational_status.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: Ib6b8547b69949f7af0ba0f7f436b4286d3baccb7
* Update openstack-ansible-os_octavia from branch 'master'
to 1ae94217ecb1f825baf6009b2cd55c017dffff95
- Use proper galera port in configuration
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: I94cc61d88b0ec54bde01477e8fba35e341afffa2
* Update openstack-ansible-os_octavia from branch 'master'
to 138696d0f5e4ae7d0f5e448845eb026e01ac9748
- Define constraints file for docs and renos
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.
The patch will ensure that constraints are used and we should not face
a similar issue again.
TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.
Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.
Change-Id: Ia704b63838c8730039e135eb38e170204d5a30e2
* Update openstack-ansible-os_octavia from branch 'master'
to d94e57f17bc18618306fcb9d9fb11593ed71f8ec
- Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added that are enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metadata to reflect current state.
Change-Id: Id8215882ee528d4c3055479e770c7432616649ba
* Update openstack-ansible-os_octavia from branch 'master'
to 048f9d548ee09a7c76cc5efaef9c6c56aafd9568
- Merge "Add TLS support to octavia backends"
- Add TLS support to octavia backends
By overriding the variable `octavia_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the octavia backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Id6c187cad4e444fb83ca1f938bd13bb9b73652b3
* Update openstack-ansible-os_octavia from branch 'master'
to 8499e1713e4ee34535c8e38b18b9aa58256ae453
- Switch default provider to amphorav2
Amphorav1 has been deprecated and is removed early at the
beginning of the 2023.2 cycle. With that Antelope is perfect time for
switching the default.
[1] 6c0515c988
Change-Id: I133f20a6d971832138708101e6a8380d23e75cf2
* Update openstack-ansible-os_octavia from branch 'master'
to cea4f2e358f778d6a7ad77dcac627482f295459e
- Change default CIDR for security_group
At the moment security group allows to access Amphora SSH/API
from any network which is insecure. We're changing default for
security groups to allow access only from Octavia Management
network.
Change-Id: I6ea6ab4ec1c28a3b354d40f6744434eefb05fcfe
* Update openstack-ansible-os_octavia from branch 'master'
to 7c46b9460da678eb4199cbe0db4fcacaf48f44e6
- Do not limit IP prefix for DHCP rule
In case it's needed to limit access to DHCP servers, rules must be
way more complex than this one, since DHCP uses broadcast.
To avoid complexity, let's just avoid defining remote_ip_prefix
that allows egress traffic for DHCP.
Change-Id: I280c064b4d93bcd78092f02a928d5d6dfb4fda68
* Update openstack-ansible-os_octavia from branch 'master'
to c672dc1848391a60bb2da4f84922372eb481a8d3
- Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I4a3346c90825a4bf0b416943286696fa529f526d
* Update openstack-ansible-os_octavia from branch 'master'
to aeebb5bdd4c26ca2686e5d5426900c15b5793fff
- Adopt info modules fetch to collection 2.0
With ansible-collection version 2.0 return of project_info module
has changed. We need to adopt usage of module return to the new format.
We also add security group rule for dhcp, since in case DHCP is enabled
for the network, it won't be provided in metadata on config-drive anymore.
Change-Id: I861797fdddbf2c82ef7b1409df577475e7424414
* Update openstack-ansible-os_octavia from branch 'master'
to 4a686acc5671b672e6dad132951d45ed819a9024
- Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I68231d7943454098b344fa51f75bdec7e2efa3ee
* Update openstack-ansible-os_octavia from branch 'master'
to 910128fa7ca539e69daebfd261d9ba683016a387
- Merge "Change defaults for octavia topology and affinity"
- Change defaults for octavia topology and affinity
In most of production deployments it's preferable to have ACTIVE_STANDBY
topology with enabled anti-affinity to ensure that loadbalancer
can survive compute node downtime and won't lead to service disruption.
Without these settings it will take quite some time to re-spawn failed
Amphora.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/866061
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/867052
Change-Id: I4fa437117dce1c973512c09b1bc7d43d411276da
* Update openstack-ansible-os_octavia from branch 'master'
to 166fe3029156ed33ca657bb781a7865e45a67f55
- Merge "Enable /healthcheck for Octavia API"
- Enable /healthcheck for Octavia API
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/864553
Change-Id: Ie7a6dd78d5af82a546e4d6a19ec5b256df8f64e6
* Update openstack-ansible-os_octavia from branch 'master'
to a148ecf90e24c75cf0644ba4c1bcdac535d69ec0
- Merge "Remove redundant vars line"
- Remove redundant vars line
This line snuck in with I5cc0b1bde814abb0a4afe1567b9b23230a57f275
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: I7f719b3fbd7e89ce96b84c9080049888aeda7ee6
* Update openstack-ansible-os_octavia from branch 'master'
to 2f1a3b4db1664cd9492bd32d1bad1793d5e61368
- Adding octavia_provider_network_mtu-parameter parameter
The `octavia_provider_network_mtu-parameter` defaults to 1500
to not accidentally use `global_physnet_mtu` on deployment with
large MTU settings
Change-Id: I9fa33c5ee76197191f1e66b7a70a4c1c0a5fa394
* Update openstack-ansible-os_octavia from branch 'master'
to c31bbc215c2f69f9738350b9e9a592b728d8e12b
- Adopt output structure to new collections version
With commit [1] to collection output structure of networks_info module
has been changed. With that we adopt to the new format.
Return values for keypair have also changed
[1] 9272146cf7
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/864553
Change-Id: Ic22ec379983e43aa5f2b55fd4543b4aa70762354
* Update openstack-ansible-os_octavia from branch 'master'
to 87e78ee34c7f0126ba0d6a1eb8252d9141726681
- Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I8cd6c47c64601089173671652a463ecc291d8ca1
* Update openstack-ansible-os_octavia from branch 'master'
to fbdfd529d886aa7174fb6bbbc42e2ec295682fd9
- Set CentOS 9 Stream as NV
Currently CentOS 9 Stream hits libvirt bug [1] that occurs on attaching
interface to running VM. Octavia is most affected by that as this is
part of usual workflow.
Fix for the bug has been already proposed and should be released
quite soon. Not to spend a lot of time on that, we rather wait for new
libvirt version to be released for CentOS 9 Stream and until then
set jobs as NV.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2092856
Change-Id: I9dd6fcea23154f781ec111a0927a26aba28954f1
* Update openstack-ansible-os_octavia from branch 'master'
to 2490e5a64eac248ba8d4eb557e1d110e179dda8d
- Merge "Use PKI role for certificate generation"
- Use PKI role for certificate generation
This patch replaces usage of role-specific tasks for managing
certificates to PKI role.
This will allow to unify certificates management with other services
along with simplifying management of code.
However, this patch does not contain migration path, which should
be handled separately.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-pki/+/838713
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/843711
Change-Id: I96c6030722661eb7ffdb31ac75e09785871179d5
* Update openstack-ansible-os_octavia from branch 'master'
to 2bcdfdb61a3074fbc1119f0b51f2779ddddc6f84
- Merge "Move installation variables collection to beginning"
- Move installation variables collection to beginning
We need to collect installation method variables as early as we can as
we rely on them later on in the play.
Change-Id: I0fa1b7b25a4b6ced5606018410825e7cf2eac54a
* Update openstack-ansible-os_octavia from branch 'master'
to 24009cfef61a0e092d5cd1e3016fd35a81fc1a76
- Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: I7d612a82e0b79ad1d34f9cbd75c5e19f201d7741
* Update openstack-ansible-os_octavia from branch 'master'
to 47ac60ca2030d8b8b7851cb6d1a1cb5d839b22a5
- Merge "Add flexibility for octavia cinder variable."
- Add flexibility for octavia cinder variable.
Introduces 3 new variables cinder_default_availability_zone, octavia_cinder_volume_size and octavia_cinder_volume_type. Using these variables enables Octavia to use different Cinder configurations.
Change-Id: I8162e83d39075cd99c516b84c39ed868306283c3
* Update openstack-ansible-os_octavia from branch 'master'
to 2a4677e0d4c8d6a69f738b1a0d946e0b7d643ca8
- Merge "Fix condition for deleting old amp images"
- Fix condition for deleting old amp images
Change-Id: Ic5c9b809f90dae415ccc72233342ea3242c0b78f
Closes-Bug: 1967270
* Update openstack-ansible-os_octavia from branch 'master'
to 784656285979e757492b1116dbf603a9c3cdb81f
- Merge "Make octavia_provider_network better configurable"
- Make octavia_provider_network better configurable
For vlan scenario we can't use octavia_provider_network_name for
octavia_provider_network but it's pretty big override, which might be
more handy with having an extra variable, that will be used inside it.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/787199
Change-Id: Ib5627dc3b37626e056c3cfe9ce54ee6a7ff25dd5
* Update openstack-ansible-os_octavia from branch 'master'
to ebac6ccb5e002b2190c065b468f39506dd7f247a
- Fix distro support option for Octavia
Distro installation has been broken for a while and CI disabled for it.
With this commit we're fixing path and returning back
CI testing of it.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/837845
Change-Id: Ia715e0506e45ead6ed8ecffac3fbd70e9849da13
* Update openstack-ansible-os_octavia from branch 'master'
to 4ba4409e463f96cd28b1ca915a25031d183863d9
- Change octavia private key ciphers to type 'auto'
Modern ansible only supports the 'cryptography' backend for the
openssl_privatekey module. In this case, the 'cipher' module
parameter must be set to 'auto'.
Change-Id: I2bfe5fa57c7deb201f56f82d5699c91fcccb766d
* Update openstack-ansible-os_octavia from branch 'master'
to 9befdaaeece0dc371d54a8588742a27d374a54b5
- Merge "Use common service setup tasks from a collection rather than in-role"
- Use common service setup tasks from a collection rather than in-role
Change-Id: Id2621d0945b0f92d7ca14a0d4db66be5908d1722
* Update openstack-ansible-os_octavia from branch 'master'
to d2b3ad5dfdec6a2d8c7a4baf0478bc62916d62cb
- Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I5cc0b1bde814abb0a4afe1567b9b23230a57f275
* Update openstack-ansible-os_octavia from branch 'master'
to c7a7a14f7bee4d46336ab8a3cc82d29628f32c01
- Use focal amphora test image by default
Switch used default amphora image from bionic to focal
Change-Id: I5a05f583631ef7b6429da4a6a3a4e895e9c75163
* Update openstack-ansible-os_octavia from branch 'master'
to 81e8d0eeca3542c4074d1fb5e667d2524680612d
- Merge "Database connection pooling improvements"
- Database connection pooling improvements
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I7804ec93d6ec82249f4d81ccec3ab02c4bc8a233
* Update openstack-ansible-os_octavia from branch 'master'
to 1310490cbdfb7ece7f9b4b573b68ae5ef9aec3dc
- Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: I9fa37f5f781b8529874daa6deffbd47de75e28fa
* Update openstack-ansible-os_octavia from branch 'master'
to ffac17201a735115267648b657399ad9fc4be9ae
- keypair: copy key to deploy host rather than setup host
The env lookup in the key copying task refers to the deploy host.
If your deploy host user is not root then this task will fail
as this directory does not exist on the remote setup host.
As the original intention appears to have been to copy the result
of the keypair generation to the deploy host, the delegation is
explicitly set to 'localhost'.
Change-Id: I89649503d5918c33f0d1e4200be67be5e0ed8a9e
* Update openstack-ansible-os_octavia from branch 'master'
to 94e59adeeb2aba467e8fb5edbcf1a71bfe12af17
- Do not log private key
Change-Id: I07587193a0f1f84f1842b64b88a827aa3927cfe6
* Update openstack-ansible-os_octavia from branch 'master'
to 47671efb49d2a0c5e132c6b5e93f2bf19399ea7f
- Merge "Refactor galera_use_ssl behaviour"
- Refactor galera_use_ssl behaviour
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: I1a45575423b0c7664f9f6586028c6c2b50a2ada1
* Update openstack-ansible-os_octavia from branch 'master'
to f22cae7d7f5e7c9e8d6431df46fa20f5cf62cd55
- Merge "Fix spelling mistakes"
- Fix spelling mistakes
Just some various spelling mistakes I noticed while reading
Change-Id: Icc95027153b7fa86f856906630f1cfbde9149b25