* Update openstack-ansible-os_zun from branch 'master'
to e164cd56d843b2ddb4bb0680d8b27175ffb7ebb5
- Add quorum queues support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Change-Id: I2e3f464534bffe9edd9d969c8d6a24adce06c02c
* Update openstack-ansible-os_zun from branch 'master'
to 3125263df0ada02ec8c5a160e47fe35e4e87cec8
- Stop generating ssh keypair for zun and kuryr user
There is no obvious need to have an SSH keypairs for zun and kuryr users
I was not able to find any proof in the project installation guide that
such keypairs were ever needed. Thus, such functionality is removed.
Change-Id: Icdaf2fec944aae95947ff421bf47d88e0cc0505e
* Update openstack-ansible-os_zun from branch 'master'
to 3f5e776ee25445e57fde5a0070f18dad86e2178d
- Fix indent in example playbook
This patch aims to fix linters job
Change-Id: Ia25e686e49a4e18db44be7b1add3d1e6869b5e6c
* Update openstack-ansible-os_zun from branch 'master'
to f9fffa27a4fdaf637506f1a1c10f61f73c5ed6b3
- Define constraints file for docs and renos
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.
The patch will ensure that constraints are used an we should not face
simmilar issue again.
TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.
Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.
Change-Id: I7ad481f26903519c5f1d9ab0e075ef56d7e9f091
* Update openstack-ansible-os_zun from branch 'master'
to e86a5a16eb01e95545c70f38555b045764f6c285
- Merge "Fix linters and metadata"
- Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Ice967ef99da11e6bd5a7dffc0a5e3d377f8598f4
* Update openstack-ansible-os_zun from branch 'master'
to 60d9d8b306bc2778033e2803b25885818323c105
- Use proper galera port in configuration
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: I65cbe26804fab48aed3c88ed75bfc7f28d3b5f9e
* Update openstack-ansible-os_zun from branch 'master'
to a0b2ef25cddbbb37ab9c6102c7a2c495ce0c9147
- Switch jobs to Jammy
We're dropping Ubuntu Focal support early in 2023.2 release,
so we need to switch all jobs to Jammy before this happens.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/884361
Change-Id: I0ced7aac105e5116ac97ad80578cca35331f417c
* Update openstack-ansible-os_zun from branch 'master'
to 7a63351303334599fa137f86b37b3fb097e60bf2
- Merge "Add TLS support to zun backends"
- Add TLS support to zun backends
By overriding the variable `zun_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the zun backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I85f90c573007f422b004b41e785bd1c86a21ec92
* Update openstack-ansible-os_zun from branch 'master'
to 59294072134db837446754155e7f4e161cc9e18a
- Merge "Add my_ip to the zun config"
- Add my_ip to the zun config
my_ip is leveraged by multiple other options as a default value. So it
makes sense to define it to zun_service_address, which, in turn, is
defaulted to management_address.
Change-Id: Iaa409cde1246b4aacdc0b22cd165f64aa2ca2418
* Update openstack-ansible-os_zun from branch 'master'
to 6fa05cc723768f5d3d002db8a1275ef9e4de493b
- Merge "Allow to customize location of kv storage"
- Allow to customize location of kv storage
This patch adds variables to easier control location of cluster-store
kv storage, including possibility to use zookeeper instead of etcd.
Change-Id: Ib413178268c4b5ae3ee7df57dcacbefde323819a
* Update openstack-ansible-os_zun from branch 'master'
to 330b91efecea2c8859ca610f130d7b7eb2e9835e
- Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I53545ede7b2f129bbbf3518ab517f6f37d78598e
* Update openstack-ansible-os_zun from branch 'master'
to 51e347dcb9905d8f6d1b85c38b72234fe8e49c94
- Install kata containers from source
At the moment there are no repositories exists for Ubuntu/Debian
to install kata from. The only options are snap or source installation.
To avoid using snap, we're fetching kata release from github and
proceeding with source installation.
With that we also update docker version to existing in the repos,
as otherwise it get's 23.0.0 installed, which fails to startup
due to removal of standalone mode support.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/883194
Change-Id: I3ee976062d9288536270f9b1d80750749174af22
* Update openstack-ansible-os_zun from branch 'master'
to bdbddd26cc20c9633e5fd26ad080e7ad25d9ff96
- Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I4064db86e07892aea3b7a44cbd0f0bfa24011caa
* Update openstack-ansible-os_zun from branch 'master'
to 0d971e9837b6b3c4330e0e33a48e222b3339440d
- Merge "Support service tokens"
- Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Id451d06bcc40c94e9ef021dd7e3c1d14703e73cc
* Update openstack-ansible-os_zun from branch 'master'
to 9a39e22b0f5802d54422f4290eaa9ebc98837931
- Remove mention of haproxy-endpoints role
Role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.
Change-Id: Ie8f7af4f4028e3447319039fee8b0f82005c7add
* Update openstack-ansible-os_zun from branch 'master'
to 9825b2cfe94e8a3d6b5c108f2426489c453dcf91
- Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: I1b2e3df4d12b6b5d71159d831f6f0a65fb7d2263
* Update openstack-ansible-os_zun from branch 'master'
to 57fa739b905f2a3c8eb6d84e29f7f0adf7cafbcd
- Merge "Update Zun api-paste"
- Update Zun api-paste
This also removes CPUFilter from Zun filters as this filtering should be
done by Placement.
Change-Id: I3e463f7442ea6b17d73429e7e4dff2fb71217a30
* Update openstack-ansible-os_zun from branch 'master'
to 253f385a3871e81f3235ced6ad60c3af4c485fb3
- Merge "Use common service setup tasks from a collection rather than in-role"
- Use common service setup tasks from a collection rather than in-role
Change-Id: Ide03555f73310f30bfb481addff528cd38f19736
* Update openstack-ansible-os_zun from branch 'master'
to f329b2a7ebddd4a5557ccb87107326d3f15b432d
- Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I526486a8644a8d2065a720657603ddff3c6bdaec
* Update openstack-ansible-os_zun from branch 'master'
to 2a05044f743810a57cde9eed199f641261bef7ae
- kata: fix link to now removed mirror location
This is a temporary workaround and in the long term the kata
support either needs removing or refactoring to use a more recent
deployment method or installation from source.
Change-Id: I60c8de5d7ee0944bab361768c712aad06393a536
* Update openstack-ansible-os_zun from branch 'master'
to 81c24da82298f735170e516fe436d6582f527d52
- Remove testing on Centos-8
This is EOL so we now use centos-8-stream instead
Remove check jobs and gate jobs to merge anything as
the upstream etcd role is broken.
Change-Id: Id93a3efd4b43bb9770a83d6e23e5736935002922
* Update openstack-ansible-os_zun from branch 'master'
to 6b1c3f831ae6fa45c5449bb9a6de251c2d0766cd
- Remove support for Ubuntu Bionic
Change-Id: Ib13ee61f9f61bf56eaa71dfe41bd7cbf8c28675d
* Update openstack-ansible-os_zun from branch 'master'
to 00dcec6420c43f8c78aa06e5408e11a311f94d4d
- Remove testing on debian
Remove testing on buster as this is no longer a supported OS for
openstack-ansible.
The job causes kernel panics on bullseye so does not generate any
meaningful CI results. Restore testing on bullseye when zun when
this is fixed.
Change-Id: I91f5d67129065b281b3a22281d0eae9ff89786c0
* Update openstack-ansible-os_zun from branch 'master'
to 954c0a96d0395e3aa8e316c9cb91395ce535059d
- Database connection pooling improvements
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: Ib258eeb4989236215d645b21ed25f9d35c3a2a0a
* Update openstack-ansible-os_zun from branch 'master'
to e72c788d94feefbddf23a34ded49339c39d2c1b6
- Refactor galera_use_ssl behaviour
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: I8b7b266d2a0633b40d38581e734ad00714b89885
* Update openstack-ansible-os_zun from branch 'master'
to 019bea7ce837fcb55914a4d9b078c17ac5ce7d0d
- Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: Iaf7027616c1c99121b07fb26fe9261e546d084df
* Update openstack-ansible-os_zun from branch 'master'
to eb78628c368b22e956d9a8bdeb859c01ed5ca9b4
- kata: disable installation on debian bullseye
Kata packages for debian 11 are not currently available without
involving Snap or source builds. As Kata is not essential to run
Zun, installation is disabled, but deployments could install it
themselves before switching 'zun_kata_enabled' back to True.
Bullseye CI is disabled temporarily as kernel panics are
encountered during tempest tests. This wastes a significant
amount of CI time.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/819304
Change-Id: I90fc8304dc7c398fdfccba31173c86f0cbf0ea7e
* Update openstack-ansible-os_zun from branch 'master'
to 46162be8e4e384e68c7b08ee05d43f20774bf274
- Changed minversion in tox to 3.18.0
The patch bumps min version of tox to 3.18.0 in order to
replace tox's whitelist_externals by allowlist_externals option:
https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23
Change-Id: I641fc11045b02451c3d6d46f058eba7beef68da4
* Update openstack-ansible-os_zun from branch 'master'
to 930f3ad01417d9b67c84eb167fbc83a354462948
- Replace linters test with integarted one
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.
Change-Id: I97294abdb29266a0989b3399d5c25b32dbc39112
* Update openstack-ansible-os_zun from branch 'master'
to 599e30daaa806df97f0eb3a40a7f59ea4fb3ff0d
- Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654
Change-Id: Ie427a6343fd888c9a1dd5c37a6285d33cd008b3e
* Update openstack-ansible-os_zun from branch 'master'
to f1c847b1df7c6b521cbb2bd82e888ef8f2da7283
- Merge "Allow to override zun policy files"
- Allow to override zun policy files
We implement `zun_policy_overrides` variable in order to allow
management of zun policy files when needed.
Change-Id: If58446a2ca1aa645e098df86c3d76c8ac94bf1a1
* Update openstack-ansible-os_zun from branch 'master'
to e0813050376b1bec551e4e5a10bfd97713d2332a
- [reno] Stop publishing release notes
Since we copy all release notes to the integrated repo there is not need
in publishing release notes for each repository. We should only verify their
validity and linting.
Change-Id: I45c240eb7ebb3df368780f2542d859b9413eeb5c
* Update openstack-ansible-os_zun from branch 'master'
to 83694d67507cd74e827904539e6fb832f91b812f
- Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I59e808ff2dc75e36890d271db0ba7f40f9c108ed
* Update openstack-ansible-os_zun from branch 'master'
to 9c93bfa12a703e0db52d0a57b7e71276fc76945e
- Merge "Improve image and network cleanup procedure"
- Improve image and network cleanup procedure
This adds periodic cleanup of the directory which zun uses to
temporarily cache images loaded from Glance to avoid it becoming
too large.
Docker image cleanup is adjusted to make it less aggressive as
the 'until' filtering has been seen to clear images which were
created more recently than one hour.
The network pruning is removed as this causes zun to become out
of sync with Docker which can prevent creation of new containers
on pruned networks.
Finally, the default is to leave cleanup disabled so that it can
be enabled purely based upon user preference.
As Systemd timers cannot be disabled, this is achieved via a file
presence check with can be overridden for manual execution.
Change-Id: I4532d9975a2e68a12a7755ca3798a59f4928593c
* Update openstack-ansible-os_zun from branch 'master'
to e4453138e0add2d3c5925fd487567efaa1b783f2
- Merge "Reinstate voting for upgrade jobs"
- Reinstate voting for upgrade jobs
Change-Id: If350c513f3ff854544afb67236472a23c91c9c69
* Update openstack-ansible-os_zun from branch 'master'
to 695af8ba418bb020b910d7d4dea29c2199904a78
- Merge "defaults: set up docker overrides using systemd role"
- defaults: set up docker overrides using systemd role
Following on from https://review.opendev.org/765815, this change
moved the custom Docker configuration into variables rather than
its own template.
Depends-On: https://review.opendev.org/771216
Change-Id: I79371382227d0e9fdb710bff3875dc492210eae5
* Update openstack-ansible-os_zun from branch 'master'
to fe94ff67b338428d486033ffadc070fbafbe78ec
- Move zun pip packages from constraints to requirements
This is necessary to use the new pip resolver
Change-Id: Ia3782bf272a5970b6992d82e6732854af5e7a561
* Update openstack-ansible-os_zun from branch 'master'
to 67f1047af546c4d8edca8862b68f3212fdd3204b
- Add configuration for zun-wsproxy service
This fixes the configuration for the zun-wsproxy service which
relays messages from the Docker daemon, providing output from
containers' consoles to the Horizon dashboard.
Depends-On: https://review.opendev.org/769142
Change-Id: I7158e202be2e778a7a64e9ef2656f496caae97be