Once UCA and RDO have released their packages for 2023.2 we can update
the openstack_distrib_code_name
Change-Id: I4da504eb51ee7f5359902d1af432657982b8fc84
At the moment we aim to make systemd-journald a universal destination
for log files across services. With that there is currently no way
of configuring journald using OSA. While this might be
neat for production deployments, it's very valuable to have for CI
as well.
Change-Id: I70a8c9266cb12811a58f5a183955dbec319e539f
This var is renamed _openstack_hosts_package list so that it
does not collide with a variable of the same name used in the
python_venv_build role.
Change-Id: Idedf39312df718a7d815eebb3642f75207348afb
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: Ide0ca8cf60f3a92c98543465d53bc4720067b153
RDO provides two sets of repositories with OpenStack packages, RDO Trunk
and RDO CloudSIG [1]. Currently, openstack_hosts role always uses Trunk
repos but in some cases, users may prefer to use CloudSIG.
This patch adds a variable openstack_hosts_rdo_repo_type which can take
values "trunk" or "cloudsig" to select the type or repos to be used.
[1] https://www.rdoproject.org/what/repos/
Change-Id: I95ee40ae1366e815507b62ba632935e664971f42
Once distro packages are released, we can update our release name. This
should also fix distro jobs.
Change-Id: I826b08e026211271e9b0e363d4512b383dcd61d2
We do mainatain set of systemd roles, that allow to easily provision
extra services, mounts or even networks and used quite widely across
roles. This way we can ease lives of deployers and need of maintaining
external playbooks and roles that will do basically same. Feature for a
way to create/manage internal networking was also asked for quite
a while amoung users. Systemd-service role can also be used to
define post/pre hooks for configured networks and systemd_mount
can be usefull to setup a shared filesystems for image or volume
conversion directories to avoid running out of diskspace on controllers.
Change-Id: Ia13f7747696db5b7b7640df7532c6d55627bdd01
Instead of overriding this value everywhere, it's easier to
define it from the start to the value we want. In this case,
we want to define it to "present", while still being
overridable.
Change-Id: I81e4fe25b2871600cac30476d021402deb359ae7
Add variable, that would allow to provide extra records for /etc/hosts
file. That might be useful for ppl who still have not adopted proper
DNS or want to do DNS RR, but not for internal VIP and manage internal
VIP with /etc/hosts file, where each host group would resolve FQDN to
a local address.
Change-Id: I89f8cdebf9322c0451b5600b073c82b7773af164
We already have extra config for package manager. With this patch we
extend existing functionality by adding optional default value, that
will be concatinated with extra config.
Deployers are able to set default config to empty string if want to
disable that behaviour.
Change-Id: Ifa40a5296969088fd8f2d07968a8d94e3bc5b2c5
This patch adds a new variable `openstack_hosts_apt_pinned_packages`
which defaults to pinning ceph packages from the UCA repository to
a lower priority than the equivalent packages from the main ubuntu
repository.
Without this change, installing lxc-templates will pull packages from
the Quincy release of Ceph via Yoga UCA, and this is ahead of the
Pacific version expected by the ceph_client and ceph-ansible code.
This change improves consistency of the ceph packages installed across
the deployment and does not allow very new packages in UCA to later
cause a package downgrade failure when the ceph_client/ceph-ansible
attempts to install the well-defined version of ceph required by
openstack-ansible.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/838762
Change-Id: Ia19ba6bae3e95ceb2e517039fbbfb9346e014961
This is needed for the kmod-devel package which os_cinder tries
to install during the wheel build.
Change-Id: Idf4cac9b166b9fe922bc412cdb5b79e260723f2e
This variable can define the centos mirror location deploymemnt
wide rather than need an override per role.
Change-Id: Ibc4f63d84f82ba14b4e432b9c5d78c270071a284
In order to force requests module inside venvs to trust system-trusted
certificate authorities, we need to define environment variable
that will provide full path to CA file. Otherwise certifi provided file
will be used, that can't be updated with new CA once they're added
to system trust store.
Change-Id: I79446813602ae094bb788d3c29654fb814ec19a8
We also move CentOS repos configuration to vars to align
place where release needs to be updated with other distros.
Change-Id: I621e6c58a344c0854c8a68183faf928c599c48d5
This change implements openstack_hosts_package_manager_extra_conf variable which allows to add extra content into package manager's configuration(works with apt,yum and dnf).
Change-Id: Icbd3350c11bd0698bffc2083215ad51af759d5ef
Import tasks results in includding and skipping all tasks when condition
is false. Include won't happen when condition is false. However it we
need to define tags in compatible way for them to work properly [1]
We also remove is_container variable since we have a reliable
is_metal replacement in dynamic_inventory.
[1] https://docs.ansible.com/ansible/latest/collections/ansible/builtin/include_tasks_module.html#examples
Change-Id: If97d088736a308e8f4441bf08405c08978de241e
This addresses an issue with delegation to containers noticed
as a result of https://github.com/ansible/ansible/issues/72776
which causes the container host to be accessed by its hostname.
Where a separate deploy host is used, up to now this has not had
its hosts file modified. This patch applies the same /etc/hosts
entries to the deploy host which are used elsewhere.
Change-Id: I82b48ba5cfe6e533426e7098c455b729084b2d51
The value of '0' for rp_filter appears to be unnecessary in at
least some deployments, and can lead to confusing symptoms where
apparently impossible network routes are available. It may also
pose a security risk for hosts which are closer to the Internet.
Changing this default could be very disruptive to deployments
which depend upon it, but for those that wish to change it this
currently requires re-definition of the entire
'openstack_kernel_options' dict.
This patch adds two new variables to enable user-configuration of
the 'net.ipv4.conf.all.rp_filter' and
'net.ipv4.conf.default.rp_filter' parameters.
Change-Id: I75093e50a2786956e3669f89027042cc74b62d22
The linux kernel default for igmp_max_memberships is 20 [0].
For vxlan project networks, it is possible to specify a range
of multicast addresses for use with VXLAN tunnel broadcast traffic.
In the case where a range is specified a unique multicast group
is assigned by neutron to each vxlan network, and once
igmp_max_memberships is reached for a host, vxlan interfaces will
silently fail to join the multicast group.
This results in instances being unable to DHCP or ARP, and errors
in the neutron agent log [1].
This patch increases the default value to 1024 which should be
sufficient for all but the very largest deployments.
[0] https://sysctl-explorer.net/net/ipv4/igmp_max_memberships/
[1] http://paste.openstack.org/show/796504
Change-Id: I24a0ca3001098b278d341f710ca2e4f00dc3e09a
We need config-manager to enable repositories for CentOS 8 hosts.
Also, since we do need PowerTools inside lxc containers, we should
install tooling not only for bare metal, but also for containers.
Some projects, like manila, also require some packages out of
PowerTools repository.
Change-Id: Ic150c2698acc3b78a60de36b4714fe2aafa3e970
Debian has their own OpenStack repositories [1] which we should use
for delivering modern software and for distro deployments.
This patch also renames uca related variable to apt to correspond
the needs of these variables.
[1] https://wiki.debian.org/OpenStack
Change-Id: I7b613d50027a3e55500c5de4823268a290e04ffb
This functionality can be used to install any CA certificates that
the deployer requires into any combination of hosts/containers.
Change-Id: Ic1292e18c8add78e8cb30f624be96292b153d4fe
This change allows the deployer to specify lists of distro packages
which will be installed in addition to those specified by this role.
Rather than simply concatenate the lists of installed packages, extra
tasks are added to make the install ordering be as follows:
* install initial packages for repo/gpg keys
* configure repos
* install user defined extra packages
It is possible to install packages from the newly configured repos, as
the user defined package list is installed last.
Change-Id: I86e541e0c7d38460c697807c4f6ae5b6e7310a15
Zypper uses the concept of "vendor stickiness" and will refuse to
upgrade packages that require a vendor change. This change introduces
a new override variable to instruct zypper to view a list of vendors
as equivalent.
Change-Id: Ib3412b02f1edf9aae03cd5478ac2310cce3f2e8a
Signed-off-by: Nicolas Bock <nicolas.bock@suse.com>
If the inotify watch limit is exceeded then systemd is unable to
restart services. This can occur during an OSA minor upgrade, and results
in dnsmasq unable to restart on all container hosts simultaneously.
Change-Id: I77da5d99f0714975c1be025b46bb250712c78ed3
Commit 43434c4325 ("Revert "Revert "SUSE: Switch to OBS Cloud Master
repository""") added the Master OBS repository for openSUSE but it
did not use 'opensuse_mirror_obs' variable so OpenStack Infra mirrors
are not being used anymore making the deployment less reliable.
Fixes: 43434c4325 ("Revert "Revert "SUSE: Switch to OBS Cloud Master repository""")
Change-Id: I664d9d8a1e6492b92489975d42c4603c699f7824
This reverts commit ee13db3215.
Some packages have broken dependencies and jobs are breaking. Revert it
until it is resolved.
Change-Id: I47bb68fd646a73afecd1ad988489f09ab50603a6
The openSUSE cloud team provides packages for the current development
cycle so we should use these instead of those from the previous one.
Change-Id: Id0fe8767430c73df436bea89d8dc1a4d1fa7c7c1
It is possible that we catch the RDO mirrors inside OpenStack
in an inconsistent state because the `latest` URL changed and
the metadata is still cached in infra
This patch moves those mirror URLs to seperate variables so
that we can override them later.
Change-Id: Id5281e8f3c2453de12d0ec51b58636433e4e8d84
By setting priorities to repositories, we're messing up the ordering
of things and possibly making upgrades even more complicated. Also,
the yum_repository module of Ansible allows managing it there, so
there is no need for an extra non-idempotent task to be added on top.
We're going to set all of them to the default 99. If we need to make
any changes, we have the option to do that as well.
Depends-On: I9443f10e8c803599cbebfc2a53cb9c432bfa60d1
Change-Id: I2e42ef4022aaaa2e1cb9f461e63ce2e9e1f49511
The current-passed-ci repositories are the latest set of stable packages
from the current development cycle. During release time, we'll need to
switch this to the upstream repositories once they are out (for example
switch this to the Rocky repositories in stable/rocky).
Depends-On: I6c800dcd5b3fc6f7cc1c1e0777d93ab40c6a5e09
Change-Id: Ie9c39a608aa9341e0b569431c5f7a595ea1ed374
The `is_container` and `cache_timeout` needed to be updated to
accomodate a typical deployment.
The cache timeout was being defined as a default and as a variable
which is loaded at the start of the role. This make it impossible to
override this option. The `cache_timeout` option has been removed
from the variable files. Because this option is defined in the
defaults it will retain it's current functionality but allow deployers
to override this option.
The `is_container` default was using the `ansible_virtualization_type`
and checking if the string was returned as "lxc". This option was updated
to now also detect if the container type is "systemd-nspawn".
Change-Id: I4d65a7f83055d0483aaf23f487551341686396c6
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Unfortunately the change in [1] broke the integrated build.
The py_pkgs lookup is incapable of interpreting jinja. It
also assumes that any variable named _pip_packages has
python packages in it, and processes them.
This renames the variable so that it conforms with other distro
package lists using _distro_packages instead.
It also adjusts the way the packages are installed a little so
that the var name is overridable, and the variables are nearer
their physical host siblings.
[1] https://review.openstack.org/563684
Change-Id: I2acdab13ba2afe18656cdc66037af6b731058836
Supported openSUSE and Ubuntu distributions ship with relatively new
pip, setuptools, virtualenv and wheel packages so we can use that in
favor of the PIP ones. This also avoids running the pip_install role
on these hosts making the deployment somewhat faster.
Implements: blueprint openstack-distribution-packages
Change-Id: I424ca9ca71253cc4e673065f35c9b939942eeda3
This reverts commit c0ca5d619e.
The repository has been populated with the missing rabbitmq packages
so it's ready for general use.
Change-Id: Ib19297c9d7ff4bb3ff00cfe91b338c594232f335
Dmitriy Rabotyagov