* Update openstack-ansible-repo_server from branch 'master'
to 27078e06e8398d0a2030b77f32089277206957de
- Cleanup upgrade tasks
There were bunch of tasks for upgrading from lsyncd to the shared fs
mount, which can be safely cleaned-up now.
Change-Id: Ia0f5cbced196467007eafc61d3152ebea7559b84
* Update openstack-ansible-repo_server from branch 'master'
to 6a2affb1a554b2ae434b83fcc811e5cda841b002
- Ensure mounts are present only when they are expected to exist
At the moment there is a check, which ensures for race condition to
not happen between asking for a mount and mounting the point.
However, it tries to check for the mount when there is no mount
defined for the directory.
We add extra check to wait for the mount only when mounts are defined.
Change-Id: I900a55a6f4edce3d3fe419821c47cf56d641192f
* Update openstack-ansible-repo_server from branch 'master'
to 2f8dc163a25833b912d9ad290a2bffe7fe0f3af4
- Fix example playbook linters
Change-Id: I81d63abe8e6c3010ddcffddac08956a6e88e480a
* Update openstack-ansible-repo_server from branch 'master'
to 8ae6540d0bbf51004ec8487261fce724b216e738
- Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I74cefdfa885fa26dd7199fd0798527f511bf329d
* Update openstack-ansible-repo_server from branch 'master'
to 2d0e465fd3bab22790213993eecafa6727785924
- Add TLS support to repo_server backends
By overriding the variable `repo_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the repo_server backend.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I5c5d3dd5689ac122781303ad21dacc8a1fa746eb
* Update openstack-ansible-repo_server from branch 'master'
to 3d3f6102458ca7d70ce9eb8dd15e6a49c7e73505
- Turn off absolute_redirect for nginx
Nginx adds trailing slashes to the URLs ending with directories.
So by default, when accessing http://172.29.236.101:8181/pools, nginx
will return 301 redirect to http://172.29.236.101:8181/pools/.
It's an absolute redirect which causes a problem when haproxy frontend
listens on HTTPS but its backends listen on HTTP.
In this case, when accessing https://172.29.236.101:8181/pools, nginx
will return 301 redirect to http://172.29.236.101:8181/pools/ (http)
that won't work.
This patch changes behavior by disabling absolute_redirects, so when
accessing https://172.29.236.101:8181/pools, nginx will return a
redirect to relative location '/pools/' without changing protocol.
Change-Id: I9e55508996d9b24437870f2f23dca5db7827fee1
* Update openstack-ansible-repo_server from branch 'master'
to b9d9ccfc8a781759f421d5c8aa1a9276295765b5
- Update tox.ini to work with 4.0
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most spread issues we have is using
`whitelist_externals` isntead of `allowlist_externals`
Change-Id: Ib6f505093477a8b19ca8ae31ab7759904369a8c0
* Update openstack-ansible-repo_server from branch 'master'
to 87e601f951d45edcdd032656b2d2c359ef5c67d4
- Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I89224e297ba377656774b3b62a176226558b6bc7
* Update openstack-ansible-repo_server from branch 'master'
to f3fe5187819ae7d0e6bd705a3ff3b59cd5848417
- Convert include to include_tasks
Include is deprecated, additionally include_tasks is now faster.
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
Change-Id: I20f92b972b794513cb774983f3aa6044769987d7
* Update openstack-ansible-repo_server from branch 'master'
to a9ecec103d0f823123baf429a4c9dd1361003096
- Restart nginx after removing old repo content
The version of nginx on centos-8 appears to keep file handles open,
possibly the old /var/www/repo directory persistently. Once the old
content is removed and the new shared filesystem mount is created at
the web root, ensure that nginx is restarted to close any file handles
which are now stale.
Change-Id: I941359b1b42aa4a874230a32b438dcefddfb2acb
* Update openstack-ansible-repo_server from branch 'master'
to b0fe7fd14d0bbbeff4256fe21b767b39420d27cc
- Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: Ieb0129ffb8964eba380a5d829e4033f19c892451
* Update openstack-ansible-repo_server from branch 'master'
to 746c1563114a4bec7cddb974afc1f0a410c0a6ed
- Merge "Use distro packages for nginx on centos."
- Use distro packages for nginx on centos.
There is no longer any need to get these from EPEL or the
nginx repos.
Change-Id: I24a031b5e14359f08a231dfc3429468561d48126
* Update openstack-ansible-repo_server from branch 'master'
to eafa818812efb4ce6872915092d06abc85b56eda
- Merge "Use the same vars file for all versions of centos"
- Use the same vars file for all versions of centos
Change-Id: I6e61e5e226c22d84d0a427359979dbb4338e890d
* Update openstack-ansible-repo_server from branch 'master'
to ce74fc77b5f091a72e1609c05823d7e1b7895771
- Merge "Avoid a race condition between mounting and using repo filesystem"
- Avoid a race condition between mounting and using repo filesystem
Wait until the path is confirmed to be a mountpoint.
Change-Id: If220d073147d8f424cfe4f0d1ab494144b406860
* Update openstack-ansible-repo_server from branch 'master'
to c9d33a7054374f8e3e385257dbadb19b582bd2ed
- Merge "Clean up legacy lsycnd, rsync and ssh key config"
- Clean up legacy lsycnd, rsync and ssh key config
These are no longer needed when a shared filesystem is used to
syncronise the repo server contents
Change-Id: I3109bd891d4c6b3522f5f741d9970093b1e882c8
* Update openstack-ansible-repo_server from branch 'master'
to 8382f1600183be099d985968389847439db134ad
- Merge "Remove all code for lsync, rsync and ssh"
- Remove all code for lsync, rsync and ssh
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/842571
Change-Id: I4f32c03179a1d8814548a92fc714a5fd9dd3f433
* Update openstack-ansible-repo_server from branch 'master'
to 4e5947dc1eccfc0262258c02b51dd18823f9a8f0
- Merge "Add infra upgrade jobs"
- Add infra upgrade jobs
Repo server has complexity with glusterfs and migration path from
lsyncd so we should cover this with an upgrade job.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/843267/
Change-Id: I11eb3f3208cbe3858b642dd86145a806983c692b
* Update openstack-ansible-repo_server from branch 'master'
to 703563c59cf1a4c8ebb561d0222fe9b7f597b349
- Run content restore only on first host
Currently we're trying to restore content for each host independently
This is not needed as we already storing content on shared FS,
that's been mounted.
We don't implement variable since that's only for migration purposes.
Change-Id: I0795fa1936aaeb9b9005a35685d85b6a4a619835
* Update openstack-ansible-repo_server from branch 'master'
to a5df0d1a9bd4f4a24b578ae0596890f7b345381a
- Have a symlink to u_c versioned file
With current behavior of u-c file that is stored on repo server and
migration to shared FS instead of lsyncd, we don't have any reliable
path to check for.
Also we have issue, that with updated u-c SHA users catch "unrelated"
error in python_venv_build role.
As a solution, we can create a symlink to the u-c file, that will have
persistant name and be updated with repo_server role run.
That would give us both file to verify and it can be used as u-c URI.
Change-Id: Ie7bdb9137ed69be465f014fa811b750dbec4e428
Related-Bug: #1943978
* Update openstack-ansible-repo_server from branch 'master'
to 1f39aa02395c186a57d9b5aae738ce3680b90aa5
- Add upgrade path from lsyncd to shared filesystem.
This patch checks if the repo server content directory is a mountpoint,
and if it is not, creates an archive of the repo server contents
before mounting the shared filesystem. After the mount completes, the
archive of repo server contents is copied to the shared filesystem.
This runs on every repo server in the deployment to include corner
cases of repo servers running different OS versions or CPU architecures
and will gather all of the content onto a single shared mount.
Change-Id: I976a5ea5f6b6ebd65c22e89657763fef87cf4b23
* Update openstack-ansible-repo_server from branch 'master'
to c966363bd44f0e9032b35406d75fa61d46aad3cb
- Add facility to store repo contents on a remote mount
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/837706
Change-Id: I9008680a5f41287599d67f4ce70605b60bccabf3
* Update openstack-ansible-repo_server from branch 'master'
to 5aefc76d479d88f7b46da4d6630669ccf2fd4d95
- Merge "Use ssh_keypairs role to generate keys for repo sync"
- Use ssh_keypairs role to generate keys for repo sync
This uses ssh signed certificates so there is no longer the need
to distribute the repo_server public key from each repo_server to all
other repo_servers.
The legacy scripts and authorized key files are removed as a
migration step.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/836377
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/825292
Change-Id: I27770f3a781bdf62d2a37659e087b12db2fb459e
* Update openstack-ansible-repo_server from branch 'master'
to 4f1f7b03871acf65306a59aa2b211c3e532da081
- Merge "Ensure insist=true is always set for lsyncd"
- Ensure insist=true is always set for lsyncd
If insist is not set to true then lsyncd will exit if it cannot
perform an initial rsync to the target hosts.
Due to the order in which the repo servers are configured, lsyncd
may be installed and started on the first host in the repo_servers
group before the ssh keys and other necessary configuration have
been placed on the remaining hosts. This leads to a failure to
start lsyncd.
This patch moves the setting of insist into the lua config file
for all operating systems, and removes the need to template a
defaults file on debian derivatives.
Change-Id: I26bb0e21d797c2bfbe67e03003da01c355c27561
* Update openstack-ansible-repo_server from branch 'master'
to a91f79a43badbfd63a28aef4343f87913827519d
- Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I14afe3040d8ecd8702edca19877ab50b6e57007f
* Update openstack-ansible-repo_server from branch 'master'
to 3b402db6b1577dee76aa54d5480c0e4cfcafe97d
- Replace linters test with integarted one
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.
Change-Id: I73ff28f76aed64cf527cd4c58d25954b5e864f20
* Update openstack-ansible-repo_server from branch 'master'
to 8f105a7c726f56e40e7c78d3f7120884a0e8acb2
- Merge "Allow constraints files to be hosted on the repo server"
- Allow constraints files to be hosted on the repo server
Change-Id: I2a28a180e0bb947da2b091ec0671a48ef857e8e5
* Update openstack-ansible-repo_server from branch 'master'
to dfe91c5ac064518d16d4f53bfb59ab527d41b202
- Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: Ibe914d0d547b930b8167bfa475cc838df8d7ae25
* Update openstack-ansible-repo_server from branch 'master'
to aab7090e4d7a3bc5947166931a23aa0639d188fc
- Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654
Change-Id: I3e48000a4685d4df46cd60113ce4c0c02b63dc0c
* Update openstack-ansible-repo_server from branch 'master'
to 46c4b8e1045b2bb1d01849ed80247541e31b87d9
- [reno] Stop publishing release notes
Since we copy all release notes to the integrated repo there is not need
in publishing release notes for each repository. We should only verify their
validity and linting.
Change-Id: Icd69125b861d292bfdbfca264e3867e4acf9b469
* Update openstack-ansible-repo_server from branch 'master'
to 64c683aa13c509c7b030069388d98706f4644726
- Fix order for removing nginx file.
the default config needs to be removed after the pkg is installed.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/766030
Change-Id: Ibb9ccd8b85f673103f3ce863a8eb0641ebb056fb
* Update openstack-ansible-repo_server from branch 'master'
- Use infra jobs for testing
Infra jobs are more appropriate for testing infra resources, such
as repo server.
Depends-On: https://review.opendev.org/660477
Change-Id: Ie696c1b6b6732d0a59f03351d3135554afc14ce4
* Update openstack-ansible-repo_server from branch 'master'
- Merge "Allow remote detection of repo sync status"
- Allow remote detection of repo sync status
If a repo container and its data are deleted and recreated then it is
not currently possible for a loadbalancer healthcheck to differentiate
between an empty repo server and a correctly synchronised one.
This patch creates a file 'repo-sync-complete' as part of the process
of synchronising repo contents from master repo servers to slaves. The
presence of this file on the slave can then be used as the loadbalancer
healthcheck to ensure that repo contents are only served once sync has
completed.
In addition, this patch ensures that synchronisation occurs from the
master to a reprovisioned slave by triggering a master repo server lsyncd
restart handler during the initial setup of the slave repo server.
Currently, a freshly provisioned repo server will remain empty
for an indeterminate amount of time, this patch forces a complete re-sync
to occur.
Change-Id: I6913341674dbde5524c2270e824bda4544211eca
* Update openstack-ansible-repo_server from branch 'master'
- Add Centos-8 support
Reverting patch https://review.opendev.org/#/c/709532/ which is installing lsyncd using source
but now el8 epel repo providing distro rpm for lsyncd so we don't need to install from source.
also changing lsyncd.conf.lua path to /etc/lsyncd/ for centos8 support.
adding rsync-daemon rpm because centos8 islocated daemon and client in seperate package.
Change-Id: Ia8c1fad5728bd6adec510f8bc1d7bb754393de93
* Update openstack-ansible-repo_server from branch 'master'
- Merge "Do not install lsyncd when it's not needed"
- Do not install lsyncd when it's not needed
We don't need to build lsyncd when only 1 host is in repo_server group
Change-Id: I913531ce37af68d881c8968a966a94681a1abae9
* Update openstack-ansible-repo_server from branch 'master'
- remove ansible_python_interpreter
ansible_python_interpreter is now set to auto in the tests repo.
it doesn't need to be overwritten in the test anymore.
Depends-On: https://review.opendev.org/734676/
Change-Id: I73c3c12fe937cda95455dcd5cd708d03a316b392
* Update openstack-ansible-repo_server from branch 'master'
- Merge "Restart rsyncd if the configuration file is changed"
- Restart rsyncd if the configuration file is changed
Previously the handler for restarting rsyncd was never called.
Split the config file template task out from the nginx task and
notify the rsyncd handler when the config file is changed.
Change-Id: I47982b5974c686a6dec7bd1a789daa54ea9652c7
* Update openstack-ansible-repo_server from branch 'master'
- Merge "Use newer openstackdocstheme and reno versions"
- Use newer openstackdocstheme and reno versions
The sync from https://review.opendev.org/733244 updated to
openstackdocstheme 2.2.1 and reno 3.1.0 versions.
Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: I661ea2f75fdd0cac7ab57bea378a58e31e204cfe
* Update openstack-ansible-repo_server from branch 'master'
- Merge "Bind services to mgmt network addresses"
- Bind services to mgmt network addresses
These addresses are given defaults of 0.0.0.0 in the role defaults
but in a deployment we know which address each service should bind to.
The variable repo_server_bind_address should hold the mgmt network IP
address for either containerised or metal deployments and drives the
bind addresses where necessary.
Co-Authored-By: Jonathan Rosser <jonathan.rosser@rd.bbc.co.uk>
Change-Id: Iff95282b91a94d22fc8f6cdbadefacb53cae5b79
* Update openstack-ansible-repo_server from branch 'master'
- Merge "Update docstheme for style"
- Update docstheme for style
New version of openstackdocstheme (Victoria+) respects pygments_style.
Since this repo is using now Victoria (master) requirements but has
not branched for Ussuri yet, it uses the new version.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
Change-Id: I5fbadb836d7e1533f949601431fc5deacaec64b3
* Update openstack-ansible-repo_server from branch 'master'
- Update master for stable/ussuri
Add file to the reno documentation build to show release notes for
stable/ussuri.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.
Change-Id: I0d5146868e1a45d7c1c78d0628ee9000d66f9db6
Sem-Ver: feature