In order to save quite some time during the role execution, we apply
run_once when defining /etc/hosts content.
While this good for "static" content which is based on the inventory,
resolving openstack_host_custom_hosts_records once may lead to
unexpected behaviour. For instance, if host record depends on some specific
group or other variables defined in host/group variables.
In order to resolve it accordingly, we merge status and custom records together
in blockinfile, which allows to resolve record individually for each host
and not having penalty for most usecases.
Change-Id: I48274de908fc6dc4a2e22a789e8355c7ba263599
The variable `uca_apt_source_list_filename` is not defined anywhere
in openstack-ansible so this task is redundant.
Change-Id: I15cc331ad5ec11507860bf61b0c2b20fa8c0b2a0
After adding `localhost` to inventory explicitly [1] this caused an interesting
side-effect, where a record for `localhost` is being added to the managed block
in /etc/hosts file, which might override FQDN defenition for the host.
This also makes healthcheck-hosts.yml fail the test, since expected record is not present.
[1] https://review.opendev.org/c/openstack/openstack-ansible/+/899523
Change-Id: If1840530a54aa9ae22eda1d3094f0c40ab66ddde
At the moment we aim to make systemd-journald a universal destination
for log files across services. With that there is currently no way
of configuring journald using OSA. While this might be
neat for production deployments, it's very valuable to have for CI
as well.
Change-Id: I70a8c9266cb12811a58f5a183955dbec319e539f
There were couple of tasks designed for unsupported
operating systems like Debian 10 or CentOS 8 that were
left during previous cleanups.
Change-Id: I5f920c16a6f6053e64b8013b2a668eb3b1ed2f6a
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: Ide0ca8cf60f3a92c98543465d53bc4720067b153
RDO provides two sets of repositories with OpenStack packages, RDO Trunk
and RDO CloudSIG [1]. Currently, openstack_hosts role always uses Trunk
repos but in some cases, users may prefer to use CloudSIG.
This patch adds a variable openstack_hosts_rdo_repo_type which can take
values "trunk" or "cloudsig" to select the type or repos to be used.
[1] https://www.rdoproject.org/what/repos/
Change-Id: I95ee40ae1366e815507b62ba632935e664971f42
This tag aimed to be used when a deployer only wants to refresh records
for their /etc/hosts file.
Change-Id: Ide65a7f362ee21fa07c729d04f592bf400bdc84e
We do mainatain set of systemd roles, that allow to easily provision
extra services, mounts or even networks and used quite widely across
roles. This way we can ease lives of deployers and need of maintaining
external playbooks and roles that will do basically same. Feature for a
way to create/manage internal networking was also asked for quite
a while amoung users. Systemd-service role can also be used to
define post/pre hooks for configured networks and systemd_mount
can be usefull to setup a shared filesystems for image or volume
conversion directories to avoid running out of diskspace on controllers.
Change-Id: Ia13f7747696db5b7b7640df7532c6d55627bdd01
This reverts commit cf358f169d.
Reason for revert: RHBA-2022:4082 has packages released which resolve the bug
Change-Id: Ic7135573bd16697d5fe289e9f3838843eb047cc8
This line snuck in with If97b59759d8f89af371f8b0a4538402b1c3320c1
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: I6d48bf93be68d4fe89c9922c9b53beb6cea7ced5
Add variable, that would allow to provide extra records for /etc/hosts
file. That might be useful for ppl who still have not adopted proper
DNS or want to do DNS RR, but not for internal VIP and manage internal
VIP with /etc/hosts file, where each host group would resolve FQDN to
a local address.
Change-Id: I89f8cdebf9322c0451b5600b073c82b7773af164
Debian requires a different fix for pam_env config than centos-9,
and this was broken in [1]. Return the original task to adjust pam
config on debian.
[1] Ibe4ab810ba48c9735af187d39fc34a7451c12d8a
Change-Id: Ib287ac4805aac8be8b71537e9c52f0c7e57fb8d4
We already have extra config for package manager. With this patch we
extend existing functionality by adding optional default value, that
will be concatinated with extra config.
Deployers are able to set default config to empty string if want to
disable that behaviour.
Change-Id: Ifa40a5296969088fd8f2d07968a8d94e3bc5b2c5
This has been possible since ansible 2.11 so we use the built
in functionality. This should be idempotent and does not
require an additional task.
Change-Id: I0bec6f705d0fbc0b593f19100262912f7b0de4c1
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: If97b59759d8f89af371f8b0a4538402b1c3320c1
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: Ie68c003bf05e9875ef7036cc6cb5951216128110
In order to force requests module inside venvs to trust system-trusted
certificate authorities, we need to define environment variable
that will provide full path to CA file. Otherwise certifi provided file
will be used, that can't be updated with new CA once they're added
to system trust store.
Change-Id: I79446813602ae094bb788d3c29654fb814ec19a8
There has been one confirmed denial-of-service against the opendev
git servers due to an openstack-ansible deployment failing to
correctly use cached wheels from the repo server and instead clone
and build the source code for each openstack service on each target
host.
Whilst we wait for further information to understand the root cause
of that DOS, it is possible to adjust the user-agent that git uses
on a per-domain basis.
A previous patch [1] creates a user-agent string very early during
the setup of a deployment host, or all-in-one environment, but not
any other nodes in a multinode environment. This patch addresses
creating /etc/gitconfig for all hosts in a multinode environment.
If git is not installed on a host (which would be the default state
for hosts other than the deploy host and repo server) a placeholder
/etc/gitconfig is written in case later in the deployment the
python_venv_build role installs git and clones openstack services
from source code to install into a venv without use of the repo
server container. The repo server should normally clone once for
each service deployed for the whole environment.
The user-agent, where possible, contains the git version string,
the openstack-ansible version string and the OSA 'component' to
aid understanding traffic patterns seen at the opendev.org git servers.
[1] https://review.opendev.org/c/openstack/openstack-ansible/+/786596
Change-Id: I4f82bb1a08d01f30c45444f52db357e47245fe31
This change implements openstack_hosts_package_manager_extra_conf variable which allows to add extra content into package manager's configuration(works with apt,yum and dnf).
Change-Id: Icbd3350c11bd0698bffc2083215ad51af759d5ef
Import tasks results in includding and skipping all tasks when condition
is false. Include won't happen when condition is false. However it we
need to define tags in compatible way for them to work properly [1]
We also remove is_container variable since we have a reliable
is_metal replacement in dynamic_inventory.
[1] https://docs.ansible.com/ansible/latest/collections/ansible/builtin/include_tasks_module.html#examples
Change-Id: If97d088736a308e8f4441bf08405c08978de241e
This addresses an issue with delegation to containers noticed
as a result of https://github.com/ansible/ansible/issues/72776
which causes the container host to be accessed by its hostname.
Where a separate deploy host is used, up to now this has not had
its hosts file modified. This patch applies the same /etc/hosts
entries to the deploy host which are used elsewhere.
Change-Id: I82b48ba5cfe6e533426e7098c455b729084b2d51
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: Ie387720bee27f2d420fc00922de9e4ce8cf00744
In case of VIP failover some connections (like mysql) can stuck
in retrying to connect and detect a dead connection. We
should probably make this failover to be detected faster then the
default value as suggested in [1]
[1] https://access.redhat.com/solutions/726753
Change-Id: Ia51f7f8f5225c4e350760093686858eabb3fec8a
Related-Bug: #1917068
This is used by python_systemd wheel build which breaks when the
version string is read from pkg-config
Centos-8:
pkg-config --modversion libsystemd
239 (239-41.el8_3)
Bionic:
pkg-config --modversion libsystemd
237
This causes the C preprocessor to fail when building the wheel
http://paste.openstack.org/show/800825/ as the string returned on
centos cannot be used in a preprocessor version comparison.
This can be fixed by setting the environment variable LIBSYSTEMD_VERSION
which will be used by the python_systemd setup.py script in prefernce
to the value from pkg-config
In addition this patch changed the following for centos 8.3 which are
necessary to pass tests.
1. CentOS 8.3 merged nf_conntrack_ipv4/6 into nf_conntrack
2. CentOS 8.3 PowerTools repo use lowercase for name.
Change-Id: I3fb3080c69307b38e21735d431b55eefa221f12c
These tasks have been factored out of the horizon and keystone roles
so that they are only defined in a single place.
Change-Id: I074c005074e4e4071e4a57b3ddf7f4d508a56749
Centos-8 is the only operating system which excercises the DNF code
path and for functional rather than integrated tests install_method
may be undefined.
Default the install method to 'source'
Change-Id: I628c61e4b846bb380640ed96ee4c1909c88898ff
We need config-manager to enable repositories for CentOS 8 hosts.
Also, since we do need PowerTools inside lxc containers, we should
install tooling not only for bare metal, but also for containers.
Some projects, like manila, also require some packages out of
PowerTools repository.
Change-Id: Ic150c2698acc3b78a60de36b4714fe2aafa3e970
RDO packages require libvirt to be >=5.0 which is possible only in
case of usage advanced-virtualization repo.
Patch also adds python3-six package which should be updated in CI as
it has incompatible version with python3-urllib because of usage [1],
as old six don't have that method onboard.
[1] a5a45dc36f/src/urllib3/util/url.py (L217)
Change-Id: Ic48c7a38673235c3925775d73018c45c237627d5
RDO repo relies on some libraties that are present in PowerTools
repository. This repo exists in base image, however is disabled.
From the other side, zuul adds this repo with base jobs and enable it
in CI by default.
So not to deal with getting right URL and etc, we're just running command
Change-Id: I028dce38a4b7dbdd3683b4ad07bd2f5cd19ed1b5